FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176604 is a reply to message #176456]

Wed, 11 January 2012 00:31

Peter H. Coffin
Messages: 245
Registered: September 2010

Karma:

Senior Member

On Sat, 07 Jan 2012 18:27:15 +0100, Thomas Mlynarczyk wrote:

> Jerry Stuckle schrieb:
>
>> Validating all input from the user is just good programming practice.
>
> And properly (!) escaping output (this includes stuff that goes into
> SQL queries). As I see it, these two simple measures should prevent
> 99% of all security vulnerabilities. I'd be interested in learning
> about the remaining 1% though.
>
>> Nothing new here - it just shows there are a lot of programmers out
>> there unconcerned with security.
>
> Indeed. But I don't understand why this is so. After all, we're not
> talking about the personal homepage of some newbie showing pictures
> of his dog and favourite cookie recipes. The problem exists also (if
> not especially) with real big professional sites, even sites where
> security is paramount (online banking), run by people who should have
> more than enough money to pay competent, security-aware programmers to
> do the job properly. I just don't get it.

Good programmers and idiots are indistinguishable to anyone that is not
a good programmer. The people making the hiring decisions are not good
programmers. Ergo, idiots and good programmers get hired in proportion
to the frequency of each in the job market, and the idiots move on to
other positions far more frequently, voluntarily or involuntarily.

Which also means that even if good programmers and idiots are in roughly
equal measure, the good programmers are not in the market for new jobs
nearly as often, make up a smaller portion of the market, and
not-programmers are unlikely to hire them by accident.

--
88. If a group of henchmen fail miserably at a task, I will not berate
them for incompetence then send the same group out to try the task
again.
--Peter Anspach's list of things to do as an Evil Overlord

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Oct 20 06:43:52 GMT 2024

Total time taken to generate the page: 0.04278 seconds