PerlMonks
Track record of incidents?

Dancer: none, Mojolicious: five in the CVE database. But that might just mean that somebody tracks the Mojolicious bugs and nobody tracks the Dancer bugs in CVE.

Which framework advocates more defensive/secure programming and stricter default template language?

Both allow you to use arbitrary template engines. Mojo::Template makes it easier to interpolate escaped strings <%= ... %> than unescaped strings <%== ... %>. I don't know much about Dancer in this regard.

Does the framework work under strict, warnings, strictures, taint mode, setuid setup?

Both work with strictures. In fact Mojolicious::Lite enables them by default.

(By default?) protection against: XSS, XSRF, SQL injection?

Mojolicious doesn't generate HTML for you by default, so there are neither vulnerabilities nor safeguards against XSRF.

default admin user/password

You're kidding, aren't you?

In reply to Re: Mojolicious vs Dancer (security-wise)?
by moritz