Date: Wed, 08 Dec 2010 10:14:56 -0800
From: Chuck Swiger <cswiger@mac.com>
To: Da Rock <freebsd-questions@herveybayaustralia.com.au>
Cc: freebsd-questions@freebsd.org
Subject: Re: Shopping cart other than OSCommerce?
Message-ID: <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
In-Reply-To: <4CFF8A29.2030202@herveybayaustralia.com.au>
References: <3374599093-437630056@intranet.com.mx> <DB1524B8-BBC3-446C-A72A-59E981DD29B3@mac.com> <4CFED0D4.3090108@herveybayaustralia.com.au> <BFB6697B-9EB5-456B-8C10-481C8DF174AA@mac.com> <4CFF8A29.2030202@herveybayaustralia.com.au>
On Dec 8, 2010, at 5:37 AM, Da Rock wrote:

> Thanks for the heads up. What language do you recommend then based on these security reports?

Well, I've been implementing online stores and content-management/publishing systems written in Java and Objective-C for quite a while, so I'm biased towards those.

If I were starting over from scratch today, Ruby or Python would probably enter into the picture for consideration. (Of course, Python threading runs into the GIL issue limiting true concurrency, and the only Ruby implementation around which does better is JRuby, which is Ruby implemented on top of Java.)

You don't magically get immunity from SQL injection by using JDBC or EOF or whatever, but using bound variables in queries rather than feeding user input into raw SQL, or invoking stored procedures or user-defined functions instead, will mitigate one of the more common security problems.

Regards,
--
-Chuck
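Chuck's last point, as an added example that is not part of the thread: the same product lookup written once with user input spliced into the SQL text and once with a bound parameter, using Python's standard sqlite3 module. The catalogue rows and SKU values are constructed for the demo.

```python
import sqlite3

# Constructed sample catalogue for the demo (not data from the thread).
PRODUCTS = [
    ("SKU-100", "Widget", 9.99),
    ("SKU-200", "Gadget", 19.99),
    ("SKU-300", "Gizmo", 29.99),
]


def open_catalogue() -> sqlite3.Connection:
    """Create an in-memory store holding the constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def find_by_sku_raw(conn: sqlite3.Connection, sku: str) -> list:
    """Vulnerable form: the input becomes part of the SQL text, so it can
    change the structure of the query rather than just the value compared."""
    query = "SELECT sku, name, price FROM products WHERE sku = '%s'" % sku
    return conn.execute(query).fetchall()


def find_by_sku_bound(conn: sqlite3.Connection, sku: str) -> list:
    """Hardened form: the SQL text is fixed and the input travels as a bound
    parameter, so the database only ever compares it, never parses it."""
    query = "SELECT sku, name, price FROM products WHERE sku = ?"
    return conn.execute(query, (sku,)).fetchall()


if __name__ == "__main__":
    db = open_catalogue()
    # A value that is no SKU at all, but which rewrites the raw query's WHERE clause.
    probe = "' OR '1'='1"
    print("raw   :", len(find_by_sku_raw(db, probe)), "rows")    # prints 3
    print("bound :", len(find_by_sku_bound(db, probe)), "rows")  # prints 0
    print("bound :", find_by_sku_bound(db, "SKU-200"))           # the one real match
```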