Home » Imported messages » comp.lang.php » Lilupophilupop
Re: Lilupophilupop [message #176465 is a reply to message #176457] Sat, 07 January 2012 21:02
Jerry Stuckle
On 1/7/2012 12:52 PM, J.O. Aho wrote:
> Thomas Mlynarczyk wrote:
>> Jerry Stuckle wrote:
>
>>> Nothing new here - it just shows there are a lot of programmers out there
>>> unconcerned with security.
>>
>> Indeed. But I don't understand why this is so. After all, we're not talking
>> about the personal homepage of some newbie showing pictures of his dog and
>> favourite cookie recipes. The problem exists also (if not especially) with
>> real big professional sites, even sites where security is paramount (online
>> banking), run by people who should have more than enough money to pay
>> competent, security-aware programmers to do the job properly. I just don't get
>> it.
>
> The big issue is "maximize profit" and "finish on half the required
> time", when you have those two things as the main mantras, then
> everything will be crap, not just web sites and their security, but
> things like cell phones which won't hold more than max 3 years, crappy
> health care and insurances which don't cover anything at all.
>
>

True to a big extent, J.O. But proper security practices are cheaper up
front than trying to go back and fix the problem later.

I think a much bigger problem here is there are a huge number of
programmers who don't understand proper security practices. For
instance, they think the only way someone can POST data to their site is
from another page on their site, and validating data with JavaScript
before it is sent is sufficient security.

Nothing could be more wrong.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
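
The point made in the post above, as an added example that is not part of the original post: a PHP handler that re-checks every POST field on the server, so the outcome is the same whether or not the request came from the site's own form and its JavaScript. The signup fields, their rules, the function names and the sample bodies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Return the field only if it is present and a string; a hand-built body
// can omit it or send an array (field[]=...).
function post_string(array $post, string $name): ?string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : null;
}

// Server-side checks for a hypothetical signup form. They repeat whatever
// the page's JavaScript checks, because only these run on every request.
function validate_signup(array $post): array
{
    $errors = [];
    $clean  = [];
    $username = post_string($post, 'username');
    // \A...\z anchors the whole value; $ alone would allow a trailing newline.
    if ($username !== null && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username) === 1) {
        $clean['username'] = $username;
    } else {
        $errors['username'] = '3-20 letters, digits or underscores';
    }
    $email = filter_var(post_string($post, 'email') ?? '', FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'not a valid address';
    }
    $age = filter_var(post_string($post, 'age') ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age !== false) {
        $clean['age'] = $age;
    } else {
        $errors['age'] = 'whole number from 13 to 120';
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $errors === [] ? $clean : []];
}

// Constructed sample bodies (not from the thread).
$samples = [
    'sent by the form' => ['username' => 'alice_01', 'email' => 'alice@example.com', 'age' => '34'],
    'built by hand'    => ['username' => str_repeat('a', 500), 'email' => ['x'], 'age' => '-5'],
];
foreach ($samples as $label => $body) {
    $r = validate_signup($body);
    echo $label, ': ', $r['ok'] ? 'accepted' : 'rejected: ' . implode(', ', array_keys($r['errors'])), PHP_EOL;
}
```

The second body never passed through the form, so any length limit, type or range check done in the browser was simply skipped; the server-side function still rejects all three fields.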