FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Magic quotes? Should I still be cautious? [message #176623 is a reply to message #176619] Thu, 12 January 2012 07:58 Go to previous messageGo to previous message
Arno Welzel is currently offline  Arno Welzel
Messages: 317
Registered: October 2011
Karma:
Senior Member
Jerry Stuckle, 2012-01-11 20:01:

> On 1/11/2012 12:09 PM, Arno Welzel wrote:
[...]
>> Concerning PHP: Code is not more secure, just because it is closed
>> source. I don't think, that any security expert will tell the opposite.
>>
>
> Let's see you find detailed instructions on how to build a hydrogen
> bomb. You won't find it - it's secret. Never mind that you could never
> do it because you don't have a source of highly enriched uranium or
> plutonium required for the trigger.
>
> Not telling the world how you do something is not "security by
> obfuscation". But it IS security.
>
> And once again, this is off topic in this newsgroup and will be the last
> I have to say about the subject.

Sorry - but *you* mentioned off-topic examples for "security" twice
which have nothing to do with the topic of *PHP*. I never talked about
houses, bombs etc. - just security in *software*.

You claimed, security experts say, closed source is good for security.
If this statement was not about *software*, then your first statement
was already off-topic.

To get back to the topic: Magic Quotes was also an attempt to make PHP
scripts more secure by avoiding SQL injection. Unfortunately in the
early days of PHP the people behind PHP seemed to know little about
security and PHP was never meant as a powerful universal language for
web applications. Now we have still to deal with many of those
historical attempts to be "secure" like safe mode, Magic Quotes etc. -
but you must be aware, that PHP is not secure by design.


--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Lilupophilupop
Next Topic: [WSP] CALL FOR PAPERS [FREE]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Nov 25 02:14:00 GMT 2024

Total time taken to generate the page: 0.04256 seconds