Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is Django a good choice for a security critical application?

Tags:

Is Django a good choice for a security critical application?

I am asking this because most of the online banking software is built using Java. Is there any real reason for this?

like image 895
Andrei Savu Avatar asked Jan 31 '09 10:01

Andrei Savu

People also ask

Is Django good for security?

Django is a solid framework when it comes to security. However, there are a couple of minor issues. First, even though querysets prevent SQL injection by default, functions still exist that allow developers to create raw SQL queries.

Which Django application is used to provide security?

Django contains clickjacking protection in the form of the X-Frame-Options middleware which, in a supporting browser, can prevent a site from being rendered inside a frame.

Is Django more secure than flask?

When compared to Flask, Django embraces stability as well as a "batteries included" approach where a number of batteries (i.e., tools, patterns, features, and functionality) are provided out-of-the-box. In terms of stability, Django generally has longer, more rigid release cycles.

2 Answers

Actually, the security in Java and Python is the same. Digest-only password handling, cookies that timeout rapidly, careful deletion of sessions, multi-factor authentication. None of this is unique to a Java framework or a Python framework like Django.

Django, indeed, has a security backend architecture that allows you to add your own LDAP (or AD) connection, possibly changing the digest technique used.

Django has a Profile model where you can keep additional authentication factors.

Django offers a few standard decorators for view function authorization checking. Since Python is so flexible, you can trivially write your own decorator functions to layer in different or additional authentication checking.

Security is a number of first-class features in Django.

like image 77
S.Lott Avatar answered Oct 21 '22 04:10

S.Lott

Probably the reason behind Java is not in the in the security. I think Java is more used in large development companies and banks usually resort to them for their development needs (which probably are not only related to the web site but creep deeper in the backend).

So, I see no security reasons, mostly cultural ones.

like image 43
piro Avatar answered Oct 21 '22 05:10

piro
Sign in to Comment

Related questions

Can I get the absolute path to the current script in KornShell?
where to put break in switch/case statement with blocks
Designing tables for storing various requirements and stats for multiplayer game
iPhone - How to draw text in the middle of a rect
MySQL COUNT() and nulls
AutoComplete TextBox Control
Change default prompt and output line prefix in R?
how does the stl's multimap insert respect orderings?
Examples or Uses Cases to explain EJB Transaction Attributes
Why is this faster on 64 bit than 32 bit?
iPhone UITextField background color
PHP & mySQL: When exactly to use htmlentities?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!