EPTYou'll have few well published vulnerabilities that won't get fixed over many unpublished vulnerabilities that won't get fixed. Pick your poison.
My colleagues just reminded me why i quit - Page 3
| Blogs > Deleted User 101379 |
zatic
Zurich15365 Posts
You'll have few well published vulnerabilities that won't get fixed over many unpublished vulnerabilities that won't get fixed. Pick your poison. | ||
|
Deleted User 61629
1664 Posts
| ||
|
Wortie
Netherlands212 Posts
btw I'm in my second year of school. So if these guys finished their education they should know this kind of basic shit. | ||
|
haduken
Australia8267 Posts
But I can't understand why a debug step through won't catch errors like that. If you follow the code path, it's pretty hard to miss when you are inside a block when you shouldn't be. | ||
|
obesechicken13
United States10467 Posts
On September 13 2012 18:12 Inori wrote: Joomla is not a framework, Joomla is a Content Management System. CMS is a finished product that is limited in extensibility. Framework is a set of libraries you program the finished product on top of, nearly unlimited extensibility. You can write sites like google.com, youtube.com, facebook.com with a framework. You can't with a CMS. CMS: Joomla, Wordpress, Drupal Framework: Symfony2, ZF2, Laravel Apples and oranges. I'm aware that it's not a framework but since it uses a model view control and has default directories and table structrres as well as names, I figure it'd be easier to at least know what's on the backend. So I think joomla as well as all cms, use a framework. I'm not completely sure if CMS have anything like plugins or addons, but if they do then that's a security vulnerability through commonly used 3rd party code. I've only dabbled a bit with rails and cakephp and by a bit I mean very little so may be wrong. | ||
|
Deleted User 61629
1664 Posts
| ||
|
zatic
Zurich15365 Posts
On September 13 2012 18:12 Inori wrote: No security benefit? Can't speak for all frameworks, but Symfony2 is secure from XSS, CSRF and SQL injection - 3 most common vulnerabilities, out of the box. By design it forces on a developer security best practices like not storing plaintext passwords, not outputting errors to users, hiding filesystem layout. No offense, but claiming that there's no benefit to framework compared to own code on any level (and especially on security), even more so to a newbie developer, just means that you didn't look well enough into frameworks. I recommend you do, they're awesome. I have looked into Symfony2 extensively actually. I like it a lot. What I am saying is that any frame work can have vulnerabilities (and, stupid people are VERY creative in still doing stupid shit no matter what a frame work teaches them). And once they are published, there are immediately (possibly automated) exploits for them. The same stupid programmers that make stupid code will download their framework exactly once and never update it ever again. So, few published vulerabilities versus many unpublished ones. It doesn't really matter if they mess up their own shitty code, or other people's code. In the end the stupid people are the problem. | ||
|
Deleted User 61629
1664 Posts
| ||
|
obesechicken13
United States10467 Posts
On September 13 2012 22:56 Inori wrote: Literally LOL, that's the funniest thing I've heard in awhile. Joomla follows MVC? You can not be more wrong :D Joomla has one of the worst code quality out of open-source solutions I know. There's a reason why Joomla and Wordpress are often used by fanboys from other languages as an example on why they think PHP sucks and PHP developers are amateurs. Can you elaborate? They don't follow MVC? Sorry for the derail btw. | ||
|
Deleted User 61629
1664 Posts
| ||
|
Deleted User 101379
4849 Posts
I don't know what it's for, i actually don't even want to know, but i somehow find it funny... | ||
BigFan
TLADT24920 Posts
On September 20 2012 15:34 Morfildur wrote: I just stumbled over this function:
I don't know what it's for, i actually don't even want to know, but i somehow find it funny... Guessing it checks for a value of 80 and returns false if the variable var is 80? At least, that's what it looks like it does lol. I dunno what the program is about but I'm guessing there must be some input from the user and maybe some calculation? I'm totally guessing here lol. | ||
|
obesechicken13
United States10467 Posts
On September 20 2012 15:47 BigFan wrote: Guessing it checks for a value of 80 and returns false if the variable var is 80? At least, that's what it looks like it does lol. I dunno what the program is about but I'm guessing there must be some input from the user and maybe some calculation? I'm totally guessing here lol. Doesn't it return true if it isn't 80? Could just be a test function in production. Like you want to try something out but you don't know if it'll work right. | ||
|
Wortie
Netherlands212 Posts
On September 20 2012 15:47 BigFan wrote: Guessing it checks for a value of 80 and returns false if the variable var is 80? At least, that's what it looks like it does lol. I dunno what the program is about but I'm guessing there must be some input from the user and maybe some calculation? I'm totally guessing here lol. No he checks if $var contains the string 80.... then it returns either true or false. I don't actually know PHP, but I think you shouldn't add ' ' signs to variables if you want to store numbers in them rofl. And even then, a fucking function to check if a variable is 80 is stupid too, because you can just do $var != 80 and it will do EXACTLY the same as this, without using a function. | ||
|
BigFan
TLADT24920 Posts
On September 20 2012 23:38 obesechicken13 wrote: Doesn't it return true if it isn't 80? Could just be a test function in production. Like you want to try something out but you don't know if it'll work right. Isn't that the same as what I wrote? lol. | ||
|
obesechicken13
United States10467 Posts
On September 21 2012 10:16 BigFan wrote: ^ I don't remember much from php so I just guessed that the variable is a number. Isn't that the same as what I wrote? lol. On September 20 2012 23:38 obesechicken13 wrote: Doesn't it return true if it isn't 80? Could just be a test function in production. Like you want to try something out but you don't know if it'll work right. | ||
|
Disregard
China10252 Posts
| ||
| ||
