We're evaluating Mojolicious vs Dancer (Catalyst might still come back into the picture but currently the project is small and we prefer simpler and smaller framework).
Our main concern is more with security instead of speed or other factors. Would be nice if someone can compare the two, security-wise, for example:
- Track record of incidents?
- Coding style (in relation to robustness)?
- Size of code base (with/without dependencies)?
- Which framework advocates more defensive/secure programming and stricter default template language?
- Which framework encodes/escapes input and output more, by default?
- Does the framework work under strict, warnings, strictures, taint mode, setuid setup?
- (By default?) protection against: XSS, XSRF, SQL injection?
- Other difference in security practice (default URL, default admin user/password, and so on)?
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|