[development] Turbogears: Python framework

Carl Parrish lists at pcl-consulting.com
Wed Mar 15 02:35:58 UTC 2006


Bèr Kessels wrote:

>Op dinsdag 7 maart 2006 20:02, schreef Adrian Rossouw:
>  
>
>>>Also, we /suffer/ from pitfalls; most of these framework take care  
>>>of everything security (input validation, XSS injection) whereas  
>>>with Drupal, thou shalt not forget check_plain() and friends.
>>>      
>>>
>>how could we fix that ?
>>    
>>
>
>IMO with two steps:
>
>1. Let go the current 'guideline' that everything needs a purpose. That every 
>function must be used. Core should provide an autocomplete_return_nodes() 
>even if that is not *used* in core, for example. Core should be more of a 
>handy bundle of APIs, rather then a self contained, complete functioning 
>toolset. 
>2. Add a far more complete database abstraction layer. Maybe even port Active 
>Record to Drupal. AR, is AFAIK the only reason why RoR is secure. 
>
>Bèr
>  
>
I'm more of a Ors fan myself.  Building Drupal on top of symphony or 
qcodo would give you all the advantagous (how weird would that be to 
build a frame work on *top* of a framework). Or if that is too much over 
head just propel.


More information about the development mailing list