Aaron Bedra: web apps in Clojure have some of the worst security

Aaron Bedra – clojure.web/with-security

Bedra says the Clojure community needs to have a talk, because of some bad things that happened recently. The rate of people getting hacked is going up. He says:

“Clojure web apps are some of the worst I have seen in terms of security. We are talking about PHP-without-a-framework levels of insecurity.”

“We have bricks with no mortar.”

“If I missed your library, it’s because it doesn’t exist. I could not find it on the first page of Google, which means no other programmer will find it, which means it doesn’t exist.”

“The ‘ring’ library is the only thing we have for sessions.”