FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176511 is a reply to message #176494]

Sun, 08 January 2012 20:49

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 1/8/2012 12:29 PM, Gregor Kofler wrote:
> Am 2012-01-08 16:00, Jerry Stuckle meinte:
>> On 1/8/2012 9:27 AM, Gregor Kofler wrote:
>>> Am 2012-01-08 14:53, M. Strobel meinte:
>>>> Am 07.01.2012 20:34, schrieb Gregor Kofler:
>>>> > Am 2012-01-07 16:13, M. Strobel meinte:
>>>> >> Am 07.01.2012 14:28, schrieb Gregor Kofler:
>>>> >>> Am 2012-01-07 13:15, M. Strobel meinte:
>>>> >>
>>>> >>>> But it happens all the time. If you use tools/4GLs/CMSses you
>>>> >>>> have to trust them, of course.
>>>> >>>
>>>> >>> How can I "trust" (or "mistrust") 4GLs?
>>>>
>>>> Believe that the software does what it is meant to.
>>>> Are you going to ask what I think it is meant to, or what I thing
>>>> you think it is meant to?
>>>
>>> A 4th generation language can have bugs and allow exploits, just like
>>> 3rd generation languages. Despite the version upgrade, you still have to
>>> write scripts or programs (and care about security issues, which arise
>>> in the scope of your script). A CMS is a ready-to-use product, that
>>> *should* take care of such issues and rule out any security issues in
>>> the scope of the scripts of the application.
>>>
>>
>> Your reasoning is faulty. A 4GL should rule out security issues in the
>> scope of the language. A CMS can also have bugs and allow exploits.
>
> I can't see any difference to 3GLs. Take the mentioned CF. It allows to
> define the data type of supplied arguments for function calls. It allows
> intrinsic escaping of query strings. Both features *can* (and should) be
> used, but it's not obligatory (and they are not "enabled" by some
> default setting). Not doing can and will lead to injections. It's more
> or less the same thing as with PHP.
>

First of all, please study up on what a 3GL language is and what a 4GL
language is (I won't get into it here - it's off topic in this newsgroup).

>> And even with a CMS you have to write your own scripts.
>
> Pardon? You can, but you don't have to. No need to write scripts with
> WordPress, Joomla!, Typo3, ...
>

I've used WordPress, Joomla and Drupal. In every one of them I've ended
up writing code for my client because the plugins don't do what he wants.

Of course, if you just tell the client he can only do what the addons
allow, that's one thing. I prefer to satisfy the client's needs.

>> Also, CMS's have had any number of security problems over the years,
>> even within their own scope.
>
> Agreed. PHP-Nuke comes to my mind...
>

And WordPress and Joomla and Drupal and all kinds of others.

>> I trust languages (even 4GL) much more than I do CMS's.
>
> So do I.
>
> Gregor
>
>

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 27 14:17:13 GMT 2024

Total time taken to generate the page: 0.04462 seconds