Claude Moore wrote: Ok, but what are your current skills? Doesn't the language really matter at all?
Junilu Lacar wrote: Big Red Flag: "need language/technology that inherently protects against SQL injection or similar threats"
IMO, that's the wrong thing to be looking for if you're concerned about security. Application security is not free; it's something you have to carefully consider and deliberately build in to your application from the start and all throughout. All languages/technologies have security issues. Choose your language/technology platform first, then do a risk assessment. If SQL injection is a risk you want to address, then learn how to do that in the language/platform that you choose. Come up with a plan/strategy for developing your application with as much security as you are willing/able to build in and see to it that developers know and follow the plan/strategy. Most of all, test, test, test. Lastly, poor quality code is virtually guaranteed to be insecure code. Well-factored, readable, and maintainable code is easier to secure and verify than poorly written code.
"Disappointing" and "Utterly Horrible" are not equal.
Tim Holloway wrote: Node.js and PHP are good for quick-and-dirty projects, but I wouldn't entrust either JavaScript frameworks or PHP on critical security matters. In fact, I wouldn't trust any language that didn't enforce strong typing for the simple reason that loose/dynamic-typed code doesn't reveal many of its possible bugs until runtime.