FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Lilupophilupop
Re: Lilupophilupop [message #176494 is a reply to message #176486] Sun, 08 January 2012 17:29
Gregor Kofler
On 2012-01-08 16:00, Jerry Stuckle wrote:
> On 1/8/2012 9:27 AM, Gregor Kofler wrote:
>> On 2012-01-08 14:53, M. Strobel wrote:
>>> On 07.01.2012 20:34, Gregor Kofler wrote:
>>>> On 2012-01-07 16:13, M. Strobel wrote:
>>>> > On 07.01.2012 14:28, Gregor Kofler wrote:
>>>> >> On 2012-01-07 13:15, M. Strobel wrote:
>>>> >
>>>> >>> But it happens all the time. If you use tools/4GLs/CMSses you
>>>> >>> have to trust them, of course.
>>>> >>
>>>> >> How can I "trust" (or "mistrust") 4GLs?
>>>
>>> Believe that the software does what it is meant to.
>>> Are you going to ask what I think it is meant to, or what I think
>>> you think it is meant to?
>>
>> A 4th generation language can have bugs and allow exploits, just like
>> 3rd generation languages. Despite the version upgrade, you still have to
>> write scripts or programs (and care about security issues, which arise
>> in the scope of your script). A CMS is a ready-to-use product, that
>> *should* take care of such issues and rule out any security issues in
>> the scope of the scripts of the application.
>>
>
> Your reasoning is faulty. A 4GL should rule out security issues in the
> scope of the language. A CMS can also have bugs and allow exploits.

I can't see any difference to 3GLs. Take the mentioned CF. It allows you
to define the data type of supplied arguments for function calls. It allows
intrinsic escaping of query strings. Both features *can* (and should) be
used, but it's not obligatory (and they are not "enabled" by some
default setting). Not doing so can and will lead to injections. It's more
or less the same thing as with PHP.

> And even with a CMS you have to write your own scripts.

Pardon? You can, but you don't have to. No need to write scripts with
WordPress, Joomla!, Typo3, ...

> Also, CMS's have had any number of security problems over the years,
> even within their own scope.

Agreed. PHP-Nuke comes to my mind...

> I trust languages (even 4GL) much more than I do CMS's.

So do I.

Gregor
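
The opt-in nature of both safeguards mentioned in the post above (declared argument types and parameterised queries), shown on the PHP side as an added example that is not part of the original post. The table, function names and input value are constructed for illustration; it assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Hypothetical helper with neither safeguard: the argument is untyped and
// its value is concatenated into the SQL text.
function findUserUnsafe(PDO $db, $id): array
{
    return $db->query("SELECT name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper with both safeguards: a declared argument type and a
// bound, typed query parameter.
function findUserSafe(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value, as it might arrive in $_GET['id'].
$input = '1 OR 1=1';

// Without the safeguards the input becomes part of the query and the
// WHERE clause no longer restricts the result to one user.
var_dump(findUserUnsafe($db, $input));

// With strict types the same value is rejected before any SQL is built.
try {
    findUserSafe($db, $input);
} catch (TypeError $e) {
    echo "rejected: id is not an integer\n";
}

// A well-formed id is looked up through the bound parameter only.
var_dump(findUserSafe($db, 1));
```

Nothing in the language forces the second form: both helpers are valid PHP, and only the one that opts in to the type declaration and the bound parameter keeps the input out of the SQL text.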