FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176605 is a reply to message #176604]

Wed, 11 January 2012 08:29

M. Strobel
Messages: 386
Registered: December 2011

Karma:

Senior Member

Am 11.01.2012 01:31, schrieb Peter H. Coffin:
> On Sat, 07 Jan 2012 18:27:15 +0100, Thomas Mlynarczyk wrote:
>
>> Jerry Stuckle schrieb:
>>
>>> Validating all input from the user is just good programming practice.
>>
>> And properly (!) escaping output (this includes stuff that goes into
>> SQL queries). As I see it, these two simple measures should prevent
>> 99% of all security vulnerabilities. I'd be interested in learning
>> about the remaining 1% though.
>>
>>> Nothing new here - it just shows there are a lot of programmers out
>>> there unconcerned with security.
>>
>> Indeed. But I don't understand why this is so. After all, we're not
>> talking about the personal homepage of some newbie showing pictures
>> of his dog and favourite cookie recipes. The problem exists also (if
>> not especially) with real big professional sites, even sites where
>> security is paramount (online banking), run by people who should have
>> more than enough money to pay competent, security-aware programmers to
>> do the job properly. I just don't get it.
>
> Good programmers and idiots are indistinguishable to anyone that is not
> a good programmer. The people making the hiring decisions are not good
> programmers. Ergo, idiots and good programmers get hired in proportion
> to the frequency of each in the job market, and the idiots move on to
> other positions far more frequently, voluntarily or involuntarily.
>
> Which also means that even if good programmers and idiots are in roughly
> equal measure, the good programmers are not in the market for new jobs
> nearly as often, make up a smaller portion of the market, and
> not-programmers are unlikely to hire them by accident.
>

I agree.

But beware the fallacy of the single cause. Good programmers and
idiots can change under certain conditions - learn and un-learn
good programming.

And even good programmers make compromises in their code under
the pressure of time-to-market.

/Str.

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 27 14:17:45 GMT 2024

Total time taken to generate the page: 1.01476 seconds