Open Source Web Frameworks: Security
- by trappedIntoCode
How secure are popular open source web frameworks?
I am particularly interested in popular frameworks like Rails and Django.
If I am building a site which is going to do heavy e-commerce, is it OK to use frameworks like Django and Satchmo?
Is security compromised because of their open architecture?
I know being OS does not mean being downright open to hackers. Linux uses a superb authentication mechanism, but the web is a different game.
What can be done in this regard?
UPDATE:
Thanks for the answers, guys.
I understand that I will have to find a suitable hosting service for a secure e-commerce application and that additional layers of security will be needed.
I understand that Django and Rails have been designed with security aspects in mind, including the most common forms of attack like XSS, injections, etc.
(The Django book has a chapter on security.)
I was expecting comments from security gurus. If you are a security guru, would you recommend that an important site, which is likely going to be popular, be built on Django or Rails?