In a normal situation I would totally, absolutely agree with you. But I have 2 drawbacks with this rule in my case:

1.- I'm building a programming language: it seems so crazy to build it with a framework. Which framework would you recommend to Guido if he were asking the same at the moment of building Python? (sorry for comparing myself with him)

2.- My core code has 875 lines and the code that runs the tree 146. Could you point me to a framework that isn't, at least, bigger than mine and solves my security needs?

I know this could seem a huge task to achieve by myself, but some people said the same when I began to program the language, and here I am with the base finished and taking care of security issues...

I have an idea about what I need to take care of, but I would like to have a checklist to fill in before contracting a security auditor. I don't like to fail with the script kiddies' holes and I don't have too much money to fail with the most basic tests.

Thanks!

On 17 Dec, 01:58, Graham Dumpleton <[email protected]> wrote:
> There is one good simple rule for WSGI. Do not do WSGI stuff from scratch.
> Use a reputable Python web framework that has already done all the hard
> work as far as addressing the most common application side security issues.
>
> What Python web framework are you using?
>
> Graham
>
> On Saturday, 17 December 2011, Garito <[email protected]> wrote:
> > Thanks Drew!
> > As I said I'm reading the developing guide from OWASP but they cover
> > mostly PHP, ASP.NET and Java
> > Nothing about Python nor WSGI
> >
> > On 16 Dec, 22:23, Drew Yeaton <[email protected]> wrote:
> >> Hey Garito,
> >>
> >> This probably isn't the mailing list you need; it's for modwsgi
> >> specifically, not general purpose development questions. It appears that an
> >> OWASP-specific mailing exists here:
> >>
> >> https://lists.owasp.org/mailman/listinfo
> >>
> >> Drew
> >>
> >> On Dec 16, 2011, at 4:16 PM, Garito wrote:
> >>
> >> > Everything!
> >> > Ideally it would be a guide that covers the whole process (from systems to
> >> > developing) but I know this is idealistic
> >> >
> >> > Now I'm reading the OWASP developing guide but this is a generic
> >> > developing security guide
> >> >
> >> > Thanks!
> >> >
> >> > On 16 Dec, 22:01, Graham Dumpleton <[email protected]> wrote:
> >> >> On 17 December 2011 07:51, Garito <[email protected]> wrote:
> >> >>
> >> >>> Hi all!
> >> >>> I'm in the last stage of developing my programming language (?) called
> >> >>> Yanged (I consider it a programming language but not sure at all)
> >> >>>
> >> >>> It's based on mindmaps. I mean I use mindmaps as source code in Yanged
> >> >>>
> >> >>> To test it, I'm developing an ecommerce platform, very basic but good
> >> >>> enough for people who don't need special sell processes and don't
> >> >>> like magnetos and these other typical, harder ecommerce solutions
> >> >>>
> >> >>> I hope I could finish it next month or sometime near that
> >> >>>
> >> >>> So, I begin to put the security layer to the language but I'm not a
> >> >>> security expert so far
> >> >>>
> >> >>> Here is my question, part off topic, part not: could you point me to
> >> >>> good documentation about security (the off topic?) that talks about
> >> >>> wsgi (the non off topic) in particular?
> >> >>
> >> >> Are you talking about WSGI in general or Apache/mod_wsgi in particular?
> >> >>
> >> >> You may also have to be a bit more specific as the question is quite vague.
> >> >>
> >> >> Graham
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google Groups "modwsgi" group.
> >> > To post to this group, send email to [email protected].
> >> > To unsubscribe from this group, send email to [email protected].
> >> > For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
