 

Is Django a good choice for a security critical application?


I am asking this because most of the online banking software is built using Java. Is there any real reason for this?

Andrei Savu asked Jan 31 '09 10:01


2 Answers

Actually, the security in Java and Python is the same. Digest-only password handling, cookies that timeout rapidly, careful deletion of sessions, multi-factor authentication. None of this is unique to a Java framework or a Python framework like Django.

Django, indeed, has a security backend architecture that allows you to add your own LDAP (or AD) connection, possibly changing the digest technique used.

Django has a Profile model where you can keep additional authentication factors.

Django offers a few standard decorators for view function authorization checking. Since Python is so flexible, you can trivially write your own decorator functions to layer in different or additional authentication checking.

Security is a number of first-class features in Django.

S.Lott answered Oct 21 '22 04:10
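As an added example (not from the answer above and not Django's own code) of the custom decorator layering S.Lott describes: a view decorator that, on top of the login check, requires a recent second-factor verification recorded in the session and fails closed otherwise. It is written framework-agnostic so it runs stand-alone; the `Request`, `User` and `Forbidden` classes are constructed stand-ins for Django's `HttpRequest`, user object and `HttpResponseForbidden`, and the 15-minute step-up window is an assumed policy.

```python
import functools
import time

class Forbidden:
    """Constructed stand-in for an HTTP 403 response (not Django's HttpResponseForbidden)."""
    status_code = 403
    def __init__(self, reason):
        self.reason = reason

class User:
    """Constructed stand-in for request.user; Django's user exposes is_authenticated too."""
    def __init__(self, name, is_authenticated=True):
        self.name = name
        self.is_authenticated = is_authenticated

class Request:
    """Constructed stand-in for a Django HttpRequest: a user plus a dict-like session."""
    def __init__(self, user, session=None):
        self.user = user
        self.session = session if session is not None else {}

def require_mfa(max_age=15 * 60, clock=time.time):
    """View decorator: the view runs only for an authenticated user whose session holds a
    second-factor verification younger than max_age seconds; anything else gets a 403."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            user = getattr(request, "user", None)
            if user is None or not user.is_authenticated:
                return Forbidden("login required")
            verified_at = request.session.get("mfa_verified_at")
            if verified_at is None or clock() - verified_at > max_age:
                request.session.pop("mfa_verified_at", None)  # drop a stale marker, fail closed
                return Forbidden("second factor required")
            return view(request, *args, **kwargs)  # view body only reached on success
        return wrapper
    return decorator

@require_mfa(max_age=600, clock=lambda: 1_000_000)  # fixed clock keeps the demo deterministic
def transfer_funds(request, amount):
    return {"status": 200, "user": request.user.name, "amount": amount}

def demo():
    """Status codes for four constructed requests: anonymous, logged in without a
    second factor, stale second factor, fresh second factor."""
    anon = Request(User("guest", is_authenticated=False))
    no_mfa = Request(User("alice"))
    stale = Request(User("alice"), {"mfa_verified_at": 1_000_000 - 601})
    fresh = Request(User("alice"), {"mfa_verified_at": 1_000_000 - 60})
    results = [transfer_funds(r, 100) for r in (anon, no_mfa, stale, fresh)]
    return [r.status_code if isinstance(r, Forbidden) else r["status"] for r in results]
```

In a real Django project the stand-ins disappear: the decorator wraps an ordinary view, `request.user` and `request.session` are supplied by Django's auth and session middleware, and the decorator is stacked under `login_required` in the same way.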


Probably the reason behind Java is not in the security. I think Java is more used in large development companies and banks usually resort to them for their development needs (which probably are not only related to the web site but creep deeper into the backend).

So, I see no security reasons, mostly cultural ones.

piro answered Oct 21 '22 05:10