My colleagues just reminded me why i quit - Page 3

zatic

Zurich15307 Posts

September 12 2012 22:10 GMT

#41

Yeah exactly, there is no security benefit from having stupid people using frameworks over stupid people writing their own code.

You'll have few well published vulnerabilities that won't get fixed over many unpublished vulnerabilities that won't get fixed. Pick your poison.

Deleted User 61629

1664 Posts

September 13 2012 09:12 GMT

#42

--- Nuked ---

Wortie

Netherlands212 Posts

September 13 2012 10:07 GMT

#43

I had some guys in school too. That wrote if(booleanvariable == true). That fucking makes me cringe. How the fuck can you mess up basic variables? I mean, they're basically the same ones for every language.

btw I'm in my second year of school. So if these guys finished their education they should know this kind of basic shit.

haduken

Australia8267 Posts

September 13 2012 11:04 GMT

#44

I sometimes make mistakes like this due to weak fundamentals :/

But I can't understand why a debug step through won't catch errors like that. If you follow the code path, it's pretty hard to miss when you are inside a block when you shouldn't be.

obesechicken13

United States10467 Posts

September 13 2012 13:32 GMT

#45

On September 13 2012 18:12 Inori wrote:

Show nested quote +

Joomla is not a framework, Joomla is a Content Management System.
CMS is a finished product that is limited in extensibility.
Framework is a set of libraries you program the finished product on top of, nearly unlimited extensibility.
You can write sites like google.com, youtube.com, facebook.com with a framework. You can't with a CMS.
CMS: Joomla, Wordpress, Drupal
Framework: Symfony2, ZF2, Laravel

Apples and oranges.

I'm aware that it's not a framework but since it uses a model view control and has default directories and table structrres as well as names, I figure it'd be easier to at least know what's on the backend. So I think joomla as well as all cms, use a framework.

I'm not completely sure if CMS have anything like plugins or addons, but if they do then that's a security vulnerability through commonly used 3rd party code.

I've only dabbled a bit with rails and cakephp and by a bit I mean very little so may be wrong.

Deleted User 61629

1664 Posts

September 13 2012 13:56 GMT

#46

--- Nuked ---

zatic

Zurich15307 Posts

September 13 2012 14:05 GMT

#47

On September 13 2012 18:12 Inori wrote:

Show nested quote +

No security benefit?
Can't speak for all frameworks, but Symfony2 is secure from XSS, CSRF and SQL injection - 3 most common vulnerabilities, out of the box. By design it forces on a developer security best practices like not storing plaintext passwords, not outputting errors to users, hiding filesystem layout.

No offense, but claiming that there's no benefit to framework compared to own code on any level (and especially on security), even more so to a newbie developer, just means that you didn't look well enough into frameworks. I recommend you do, they're awesome.

I have looked into Symfony2 extensively actually. I like it a lot.

What I am saying is that any frame work can have vulnerabilities (and, stupid people are VERY creative in still doing stupid shit no matter what a frame work teaches them). And once they are published, there are immediately (possibly automated) exploits for them. The same stupid programmers that make stupid code will download their framework exactly once and never update it ever again. So, few published vulerabilities versus many unpublished ones.

It doesn't really matter if they mess up their own shitty code, or other people's code. In the end the stupid people are the problem.

Deleted User 61629

1664 Posts

September 13 2012 14:19 GMT

#48

--- Nuked ---

obesechicken13

United States10467 Posts

September 13 2012 16:59 GMT

#49

On September 13 2012 22:56 Inori wrote:

Show nested quote +

On September 13 2012 22:32 obesechicken13 wrote:

On September 13 2012 18:12 Inori wrote:

On September 13 2012 04:42 obesechicken13 wrote:

On September 13 2012 00:55 Inori wrote:

On September 12 2012 22:15 zatic wrote:
Frameworks are not the solution to shitty programmers though. The same guys will also implement the framework - and do just as much wrong as if they would code stuff themselves.

In the end, you just need able programmers, whether you code from scratch or implement based on a framework.

But they do teach best practices to those that are open to learning.

And worst case scenario with a framework you get semi-working semi-hackish code that at least on some levels is secure and bug-free as opposed to one big security hole, filled with spaghetti code hell that some newbie developers produce.

Some of the vulnerabilities in frameworks become well known whereas with self built code, you don't exactly know the vulnerabilities are. I'm mostly thinking of joomla as a cms because it's written as a framework, and yet it has addons that are vulnerabilities.

I think it's like how people build viruses for Windows.

Frameworks provide a lot of code that you don't have to write though and there are often addons or tutorials to do things in frameworks that are more standardized than starting from scratch. Do you ever find that frameworks are like black boxes though?

I'm aware that it's not a framework but since it uses a model view control and has default directories and table structrres as well as names, I figure it'd be easier to at least know what's on the backend. So I think joomla as well as all cms, use a framework.

Literally LOL, that's the funniest thing I've heard in awhile. Joomla follows MVC? You can not be more wrong :D

Joomla has one of the worst code quality out of open-source solutions I know.
There's a reason why Joomla and Wordpress are often used by fanboys from other languages as an example on why they think PHP sucks and PHP developers are amateurs.

Can you elaborate? They don't follow MVC?

Sorry for the derail btw.

Deleted User 61629

1664 Posts

September 13 2012 17:36 GMT

#50

--- Nuked ---

Deleted User 101379

4849 Posts

September 20 2012 06:34 GMT

#51

I just stumbled over this function:


function dont_return_80($var)
{
        return ($var != '80')?true:false;
}

I don't know what it's for, i actually don't even want to know, but i somehow find it funny...

BigFan

TLADT24920 Posts

September 20 2012 06:47 GMT

#52

On September 20 2012 15:34 Morfildur wrote:
I just stumbled over this function:


function dont_return_80($var)
{
        return ($var != '80')?true:false;
}

I don't know what it's for, i actually don't even want to know, but i somehow find it funny...

Guessing it checks for a value of 80 and returns false if the variable var is 80? At least, that's what it looks like it does lol. I dunno what the program is about but I'm guessing there must be some input from the user and maybe some calculation? I'm totally guessing here lol.

obesechicken13

United States10467 Posts

September 20 2012 14:38 GMT

#53

On September 20 2012 15:47 BigFan wrote:

Show nested quote +

On September 20 2012 15:34 Morfildur wrote:
I just stumbled over this function:


function dont_return_80($var)
{
        return ($var != '80')?true:false;
}

I don't know what it's for, i actually don't even want to know, but i somehow find it funny...

Doesn't it return true if it isn't 80?

Could just be a test function in production. Like you want to try something out but you don't know if it'll work right.

Wortie

Netherlands212 Posts

September 20 2012 18:04 GMT

#54

On September 20 2012 15:47 BigFan wrote:

Show nested quote +

On September 20 2012 15:34 Morfildur wrote:
I just stumbled over this function:


function dont_return_80($var)
{
        return ($var != '80')?true:false;
}

I don't know what it's for, i actually don't even want to know, but i somehow find it funny...

No he checks if $var contains the string 80.... then it returns either true or false.

I don't actually know PHP, but I think you shouldn't add ' ' signs to variables if you want to store numbers in them rofl.

And even then, a fucking function to check if a variable is 80 is stupid too, because you can just do $var != 80 and it will do EXACTLY the same as this, without using a function.

BigFan

TLADT24920 Posts

September 21 2012 01:16 GMT

#55

^ I don't remember much from php so I just guessed that the variable is a number.

On September 20 2012 23:38 obesechicken13 wrote:

Show nested quote +

Doesn't it return true if it isn't 80?

Could just be a test function in production. Like you want to try something out but you don't know if it'll work right.

Isn't that the same as what I wrote? lol.

obesechicken13

United States10467 Posts

September 21 2012 02:05 GMT

#56

On September 21 2012 10:16 BigFan wrote:
^ I don't remember much from php so I just guessed that the variable is a number.

Isn't that the same as what I wrote? lol.

On September 20 2012 23:38 obesechicken13 wrote:

Show nested quote +

Doesn't it return true if it isn't 80?

Could just be a test function in production. Like you want to try something out but you don't know if it'll work right.

Disregard

China10252 Posts

September 21 2012 04:07 GMT

#57

Not a programmer or have any experience with PHP but did a bit of basic Java coding, are they trying to use a string to represent a boolean operator?

Prev 1 2 3 All

Please or register to reply.

My colleagues just reminded me why i quit - Page 3

Completed

Ongoing

Upcoming