
> Rails should take care of most of this for you

I often found myself falling into the "I'm not using PHP, so I don't have to worry about any security holes" trap. CSRF is something you really need to watch out for if you are constructing forms manually!




And while you are bashing PHP, actual professionals use it all the time and don't fall for those noob mistakes. Learn some Symfony2.


No bashing intended. I started off writing bad applications in plain PHP that were full of security holes, and moved on to writing better applications in Python with the help of frameworks - at the time I didn't realise there were helper frameworks for PHP too and thought Python was infallible.


Giving OP the benefit of the doubt, I think s/he meant to say "When I'm not using a framework."


No need to construct forms manually, Rails form helpers take care of authenticity tokens automatically.


I use Python myself and had this problem until I discovered WTForms.
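As an added example (not code from any commenter, nor from Rails or WTForms), here is the token handling that those form helpers do for you, written by hand with Python's standard library. The `session` dict, the `csrf_token` field name and the form fields are assumptions for the demo.

```python
import hmac
import html
import secrets
from urllib.parse import parse_qs


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) one random token per session; the session dict is a stand-in
    for whatever server-side session store the application actually uses."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_form(session: dict, action: str = "/transfer") -> str:
    """Build the form by hand, but include the hidden token field a helper would add."""
    token = issue_csrf_token(session)
    return (
        f'<form method="post" action="{html.escape(action)}">\n'
        f'  <input type="hidden" name="csrf_token" value="{html.escape(token)}">\n'
        '  <input type="text" name="amount">\n'
        '  <button type="submit">Send</button>\n'
        '</form>'
    )


def verify_submission(session: dict, body: str) -> bool:
    """Accept a POST only if it carries the token bound to this session.

    A request forged from another origin can make the browser send the cookie,
    but it cannot read the per-session token, so it fails this check."""
    expected = session.get("csrf_token")
    submitted = parse_qs(body).get("csrf_token", [""])[0]
    if not expected or not submitted:
        return False
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    sess = {}
    print(render_form(sess))
    tok = sess["csrf_token"]
    print("legit:", verify_submission(sess, f"csrf_token={tok}&amount=10"))  # True
    print("forged:", verify_submission(sess, "amount=10"))                    # False
```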



