3
rui902
4y

I'm a python guy, and although I've worked with bash, there's always a discussion on which one is best for Linux automation.

When it comes to best security practices and clients being really concerned about it, is python that bad of a choice?

Comments
  • 5
    Bash and Python are fundamentally different.

    Security practices shouldn't be based on a programming language at all.

    Curious - where did you get that from?

    While it's true that certain languages can be problematic... The biggest risk factor is still the human.

    Bash for simple tasks.

    Python for anything system related / complex.

    Python is mightier than bash, since bash is quite limited in its possibilities.

    Even when you know Bash, there are a lot of pitfalls - and the syntax is sometimes a PITA.

    Regexes eg in bash are exhausting and very hard to read...
  • 0
    I joined a company last year, and no one uses python

    Now this is a cyber security startup, and security is a top concern for them all

    Problem is, all their bash scripts have hundreds of lines, are complicated to read and maintain, and now the new things I do, when I suggested the first few times to do in python, I got a "python isn't secure enough for production environments" response and have since been using bash

    Hence my question
  • 1
    @rui902 My question would be, "Says who?" A process is as secure as its environment.
  • 8
    @rui902 security startup built on bash scripts?
    Is this a real company?
    Like wtf is going on with this world.
  • 1
    @rui902 ouch.

    And honestly... I cannot think of a reason why Python per se should be insecure.

    Most distributions ship a limited python environment - even in minimal builds (e.g. Ubuntu rootfs).

    If they ripped out python completely of whatever distribution they use... I'd partially understand. But I don't think that's an easy feature... In most cases, you'd need to spin your own OS fork.

    Interesting.
  • 5
    Rust all the things. Air gap the servers. Communicate only via fan frequency modulation.
  • 1
    @SortOfTested *rolls eyes*

    Vacation brings out the troll I guess ;)
  • 1
    @IntrusionCM
    Maybe. I'll have fish for dinner if these lines do anything. Can't wait til next year when I get the bronco and go super middle of nowhere.
  • 0
    @SortOfTested sounds like a great idea.
  • 0
    @vane I'm saying for the automation, like all the cron jobs are basically calling bash scripts, etc
  • 0
    @Demolishun yeah, since I'm new around here I don't want to confront them with those kinds of questions, given the fact that I also can't back the python decision
  • 2
    @rui902 but you use a version control system, right?
    Otherwise I'm sure you're writing this post from a parallel universe from the 90s
  • 1
    @vane you know cvs.... ?

    *hides in a dark corner*
  • 0
    Yes 😂
  • 1
    @IntrusionCM yeah I used it once or twice when making my first steps in software development. Funny times.
  • 0
    @rui902 ok so each version control system has python code and perl code. If you're using git there is a chance you're invoking perl scripts so I don't understand this logic.
  • 0
    Yeah, and even some Google cloud commands are using their python tool 😩
  • 2
    This sounds to me more like a snowflake gathering of "we did it in XY and we're done". (xy being bash)

    As in: why should we do it in any other way as long as we're getting paid.

    Unless you have very compelling reasons, I would recommend you to not waste your talent by staying there.
  • 1
    Call your python scripts from bash.

    Yes, I wrote it in bash.
  • 0
    I did that once 😂 jk, but I did create one python script that I just refused to do in bash, given its complexity vs python
  • 0
    @SortOfTested *looks up from pouring salt water over the servers* oh you meant the programming language
  • 1
    is perl out of the question?
  • 1
    @AleCx04 yes.

    If you want support and vetting long term I would not go for Perl.
  • 1
    @IntrusionCM Although I agree with you that security practices shouldn't be based on a language, problems and risks vary greatly with the tools we use. The question is a valid one.

    For better error handling and prevention of parameter injection issues etc. I would recommend Python over bash for security reasons. Not that it is impossible to write secure and large bash scripts. (We have a member that demonstrated that quite well)
  • 1
    @hjk101 I was a bit more specific.

    I said that Bash should be used for simple tasks. ;)

    May I ask what "insecure" thing has happened?
  • 1
    @IntrusionCM sorry, the second paragraph was for rui902.

    You mean insecure things that can happen in bash?
  • 0
    @hjk101 Ah.

    It sounded in the second part that a specific insecure case happened for a team member of yours.
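The parameter-injection and error-handling point raised in the thread, shown as an added example (not code from any commenter): the same untrusted value is passed to a child process through a shell string, through an argument list, and through a quoted shell string, and a failing step is made to raise instead of being silently ignored. `UNTRUSTED` is a constructed sample value and the function names are hypothetical; it assumes a POSIX system with `sh` and `echo`.

```python
import shlex
import subprocess
import sys

# Constructed sample: an untrusted "filename" carrying a shell metacharacter.
UNTRUSTED = "report.txt; echo INJECTED"


def shell_string(value: str) -> list[str]:
    """Risky pattern (same as an unquoted expansion fed to eval/sh -c):
    the shell parses the value, so ';' starts a second command."""
    proc = subprocess.run(f"echo name={value}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout.splitlines()


def argv_list(value: str) -> list[str]:
    """Hardened pattern: no shell involved; the value is exactly one argv entry."""
    proc = subprocess.run(["echo", f"name={value}"],
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def shell_quoted(value: str) -> list[str]:
    """If a shell is unavoidable, shlex.quote() keeps the value a single word."""
    proc = subprocess.run(f"echo name={shlex.quote(value)}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def failing_step() -> int:
    """check=True turns a non-zero exit status into an exception, so a failed
    step cannot be skipped over the way it is in a script without `set -e`."""
    try:
        subprocess.run([sys.executable, "-c", "import sys; sys.exit(3)"],
                       check=True)
    except subprocess.CalledProcessError as exc:
        return exc.returncode
    return 0


if __name__ == "__main__":
    print("shell string :", shell_string(UNTRUSTED))
    print("argv list    :", argv_list(UNTRUSTED))
    print("shell quoted :", shell_quoted(UNTRUSTED))
    print("failed step  :", failing_step())
```
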