From: Chuck Swiger <cswiger@mac.com>
To: Da Rock
Cc: freebsd-questions@freebsd.org
Date: Wed, 08 Dec 2010 10:14:56 -0800
Subject: Re: Shopping cart other than OSCommerce?
Message-id: <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
In-reply-to: <4CFF8A29.2030202@herveybayaustralia.com.au>
References: <3374599093-437630056@intranet.com.mx> <4CFED0D4.3090108@herveybayaustralia.com.au> <4CFF8A29.2030202@herveybayaustralia.com.au>
List-Id: User questions <freebsd-questions@freebsd.org>

On Dec 8, 2010, at 5:37 AM, Da Rock wrote:

> Thanks for the heads up. What language do you recommend then based on these security reports?

Well, I've been implementing online stores and content-management/publishing systems written in Java and Objective-C for quite a while, so I'm biased towards those. If I were starting over from scratch today, Ruby or Python would probably enter into the picture for consideration. (Of course, Python threading runs into the GIL issue limiting true concurrency, and the only Ruby implementation around which does better is JRuby, which is Ruby implemented on top of Java.)

You don't magically get immunity from SQL injection by using JDBC or EOF or whatever, but using bound variables in queries rather than feeding user input into raw SQL, or invoking stored procedures or user-defined functions instead, will mitigate one of the more common security problems.

Regards,
-- 
-Chuck
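The point Chuck makes about bound variables versus raw SQL, as an added example that is not part of the thread: a lookup written both ways against a small constructed SQLite table (the `users` table, the two rows and the `lookup_raw`/`lookup_bound` names are assumptions for this demonstration, and Python's `sqlite3` stands in for JDBC or EOF). The concatenated version lets a crafted name widen the WHERE clause to match every row; the bound version hands the same string to the driver as a value, so it matches nothing.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demonstration (not from the original thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_raw(conn, name):
    """Vulnerable: user input is spliced into the SQL text, so quotes in the
    input become part of the statement's grammar."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name):
    """Hardened: the value travels as a bound parameter; the statement's
    shape is fixed before the driver ever sees the input."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Classic tautology payload; constructed for the example.
INJECTION = "x' OR '1'='1"


def demo():
    """Return (rows matched by the raw query, rows matched by the bound query)
    for the same injected input."""
    conn = make_db()
    return len(lookup_raw(conn, INJECTION)), len(lookup_bound(conn, INJECTION))


def raw_breaks_on_apostrophe(conn, name="o'brien"):
    """Even non-malicious input with an apostrophe breaks the raw query,
    while the bound query handles it as an ordinary value."""
    try:
        lookup_raw(conn, name)
        raw_failed = False
    except sqlite3.OperationalError:
        raw_failed = True
    bound_ok = lookup_bound(conn, name) == []
    return raw_failed and bound_ok


if __name__ == "__main__":
    raw_hits, bound_hits = demo()
    print(f"raw query matched {raw_hits} rows, bound query matched {bound_hits}")
```

The same discipline carries over to JDBC (`PreparedStatement` with `?` placeholders) or EOF qualifiers: the driver or ORM only protects you when the user-supplied value reaches it as a parameter, not when it has already been glued into the query string.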