I guess I need to add a sample application for @luckyframework :P
BTW, what would you classify as common attacks? SQL injection? XSS? Just wondering what constitutes common in your eyes.
When announcing a web framework can we please: - Include a warning if you don't handle common attacks for browser based applications by default - Include a substantial example application? At least a blog or a todo app? How do I use a conn pool? Can I convert LibErrror into 404?
-
-
-
Depends on the scope of a web framework. CSRF and Session hijacking/fixation for sure. CSRF protection should still be token based not just header based. If DB access is involved, then yes SQL injection. If templating is involved then yes XSS
- 3 more replies
New conversation -
-
-
* Not use the terms "modern" and "lightweight"
-
Seriously though "lightweight" these days appears to mean "you should not use this unless you are a security researcher"
- 1 more reply
New conversation -
-
-
I think a mandatory "it's not ready for use" section would be useful
-
Coincidentally, let me talk to you about my new Web framework which is much better than all the others (.rs - it's a long URL)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.