FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Lilupophilupop
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Lilupophilupop [message #176511 is a reply to message #176494] Sun, 08 January 2012 20:49 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 1/8/2012 12:29 PM, Gregor Kofler wrote:
> Am 2012-01-08 16:00, Jerry Stuckle meinte:
>> On 1/8/2012 9:27 AM, Gregor Kofler wrote:
>>> Am 2012-01-08 14:53, M. Strobel meinte:
>>>> Am 07.01.2012 20:34, schrieb Gregor Kofler:
>>>> > Am 2012-01-07 16:13, M. Strobel meinte:
>>>> >> Am 07.01.2012 14:28, schrieb Gregor Kofler:
>>>> >>> Am 2012-01-07 13:15, M. Strobel meinte:
>>>> >>
>>>> >>>> But it happens all the time. If you use tools/4GLs/CMSses you
>>>> >>>> have to trust them, of course.
>>>> >>>
>>>> >>> How can I "trust" (or "mistrust") 4GLs?
>>>>
>>>> Believe that the software does what it is meant to.
>>>> Are you going to ask what I think it is meant to, or what I thing
>>>> you think it is meant to?
>>>
>>> A 4th generation language can have bugs and allow exploits, just like
>>> 3rd generation languages. Despite the version upgrade, you still have to
>>> write scripts or programs (and care about security issues, which arise
>>> in the scope of your script). A CMS is a ready-to-use product, that
>>> *should* take care of such issues and rule out any security issues in
>>> the scope of the scripts of the application.
>>>
>>
>> Your reasoning is faulty. A 4GL should rule out security issues in the
>> scope of the language. A CMS can also have bugs and allow exploits.
>
> I can't see any difference to 3GLs. Take the mentioned CF. It allows to
> define the data type of supplied arguments for function calls. It allows
> intrinsic escaping of query strings. Both features *can* (and should) be
> used, but it's not obligatory (and they are not "enabled" by some
> default setting). Not doing can and will lead to injections. It's more
> or less the same thing as with PHP.
>

First of all, please study up on what a 3GL language is and what a 4GL
language is (I won't get into it here - it's off topic in this newsgroup).

>> And even with a CMS you have to write your own scripts.
>
> Pardon? You can, but you don't have to. No need to write scripts with
> WordPress, Joomla!, Typo3, ...
>

I've used WordPress, Joomla and Drupal. In every one of them I've ended
up writing code for my client because the plugins don't do what he wants.

Of course, if you just tell the client he can only do what the addons
allow, that's one thing. I prefer to satisfy the client's needs.

>> Also, CMS's have had any number of security problems over the years,
>> even within their own scope.
>
> Agreed. PHP-Nuke comes to my mind...
>

And WordPress and Joomla and Drupal and all kinds of others.

>> I trust languages (even 4GL) much more than I do CMS's.
>
> So do I.
>
> Gregor
>
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Running function in the background?
Next Topic: Magic quotes? Should I still be cautious?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 23:31:21 GMT 2024

Total time taken to generate the page: 0.04999 seconds