Claude Moore wrote: OK, but what are your current skills? Doesn't the language really matter at all?
Junilu Lacar wrote: Big Red Flag: "need language/technology that inherently protects against SQL injection or similar threats"
IMO, that's the wrong thing to be looking for if you're concerned about security. Application security is not free; it's something you have to carefully consider and deliberately build in to your application from the start and all throughout. All languages/technologies have security issues. Choose your language/technology platform first, then do a risk assessment. If SQL injection is a risk you want to address, then learn how to do that in the language/platform that you choose. Come up with a plan/strategy for developing your application with as much security as you are willing/able to build in and see to it that developers know and follow the plan/strategy. Most of all, test, test, test. Lastly, poor quality code is virtually guaranteed to be insecure code. Well-factored, readable, and maintainable code is easier to secure and verify than poorly written code.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.
Tim Holloway wrote: Node.js and PHP are good for quick-and-dirty projects, but I wouldn't entrust either JavaScript frameworks or PHP on critical security matters. In fact, I wouldn't trust any language that didn't enforce strong typing for the simple reason that loose/dynamic-typed code doesn't reveal many of its possible bugs until runtime.