FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176494 is a reply to message #176486]

Sun, 08 January 2012 17:29

Gregor Kofler
Messages: 69
Registered: September 2010

Karma:

Member

Am 2012-01-08 16:00, Jerry Stuckle meinte:
> On 1/8/2012 9:27 AM, Gregor Kofler wrote:
>> Am 2012-01-08 14:53, M. Strobel meinte:
>>> Am 07.01.2012 20:34, schrieb Gregor Kofler:
>>>> Am 2012-01-07 16:13, M. Strobel meinte:
>>>> > Am 07.01.2012 14:28, schrieb Gregor Kofler:
>>>> >> Am 2012-01-07 13:15, M. Strobel meinte:
>>>> >
>>>> >>> But it happens all the time. If you use tools/4GLs/CMSses you
>>>> >>> have to trust them, of course.
>>>> >>
>>>> >> How can I "trust" (or "mistrust") 4GLs?
>>>
>>> Believe that the software does what it is meant to.
>>> Are you going to ask what I think it is meant to, or what I thing
>>> you think it is meant to?
>>
>> A 4th generation language can have bugs and allow exploits, just like
>> 3rd generation languages. Despite the version upgrade, you still have to
>> write scripts or programs (and care about security issues, which arise
>> in the scope of your script). A CMS is a ready-to-use product, that
>> *should* take care of such issues and rule out any security issues in
>> the scope of the scripts of the application.
>>
>
> Your reasoning is faulty. A 4GL should rule out security issues in the
> scope of the language. A CMS can also have bugs and allow exploits.

I can't see any difference to 3GLs. Take the mentioned CF. It allows to
define the data type of supplied arguments for function calls. It allows
intrinsic escaping of query strings. Both features *can* (and should) be
used, but it's not obligatory (and they are not "enabled" by some
default setting). Not doing can and will lead to injections. It's more
or less the same thing as with PHP.

> And even with a CMS you have to write your own scripts.

Pardon? You can, but you don't have to. No need to write scripts with
WordPress, Joomla!, Typo3, ...

> Also, CMS's have had any number of security problems over the years,
> even within their own scope.

Agreed. PHP-Nuke comes to my mind...

> I trust languages (even 4GL) much more than I do CMS's.

So do I.

Gregor

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 27 14:18:49 GMT 2024

Total time taken to generate the page: 1.28497 seconds