Why would I rely on something that keeps being re-invented by everyone every month, with unknown future support?
I'm not insane. I'm writing my own web application framework. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
Truly, you are correct. In fact, why would you rely on a programming language that keeps being changed every few months. I am writing my own programming language. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
In fact, why would you rely on an operating system that keeps being changed every few months? I am writing my own operating system (written in the programming language I created of course). If I'm the one writing it, I know it inside
You don't need to worry as much about security vulnerabilities
It's mantras like these that lead to so much insecure web code being written. You should always be equally worried about security no matter if you're using a framework or homegrown code.
If you are using a popular framework, there are many people who can discover and fix vulnerabilities. If you write your own framework, you are responsible for handling that all yourself.
I think it would be better phrase "It allows you to be more confident in your application's security". You're semantically correct, a developer's level of concern for security shouldn't change.
less worried != more confident
Ok. I will make sure to be more confident that my applications are secure, while still maintaining the same level of worry that they may be insecure.
But we are not comparing PHP to Zope or Linux to Open BSD. We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person so your analogy doesn't hold.
We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person
Web application framework? (Score:0)
Why would I rely on something that keeps being re-invented by everyone every month, with unknown future support?
I'm not insane. I'm writing my own web application framework. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
Re: (Score:0, Redundant)
Re: (Score:5, Insightful)
You don't need to worry as much about security vulnerabilities
It's mantras like these that lead to so much insecure web code being written. You should always be equally worried about security no matter if you're using a framework or homegrown code.
Re:Web application framework? (Score:3, Insightful)
Re: (Score:0, Redundant)
If you are using a popular framework, there are many people who can discover and fix vulnerabilities.
And? How does this in any way entail that you should be less worried about security issues?
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
less worried != more confident Ok. I will make sure to be more confident that my applications are secure, while still maintaining the same level of worry that they may be insecure.
Re: (Score:2)
As with any programming, you can still create security problems for yourself even using a popular framework.
That's like claiming there's fewer security errors in PHP websites than Zope sites because PHP is more popular.
In fact, popular rarely equates to secure.
Linux is more popular, OpenBSD is arguably more secure. Security often offends the sensibilities that would make a thing popular.
Re: (Score:1)
Re: (Score:2)
We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person
Sounds like Linux vs OpenBSD to me!
Re: (Score:2)
Your incomplete understanding of my analogy does not invalidate it.