Open Source and information security mailing list archives
 
Date: Fri, 30 Jul 2010 08:37:25 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Elazar Broad <elazar@...hmail.com>
Cc: mustlive@...security.com.ua, full-disclosure@...ts.grok.org.uk,
	fxchip@...il.com
Subject: Re: Day of bugs in WordPress 2

How does writing your site/project from scratch (I presume that's what you
mean when you suggest a text editor as a replacement for a CMS) result in
"higher" security?
I agree only a small percentage of the average CMS development care for half
of its security, but if they can't get it right, what makes you think you
can?

Besides, writing bad code with the excuse of an evangelic editor seems to me
like the number one cause of leaving faults (seriously, does anyone believe
that the writers of WP never used or heard about VIM?).

That said, I'm comfortable with a high-level editor, where at the click of a
button, I get full statistics reports on my program's performance, whereas
the conventional asks for a couple of commands in the console.

If you truly want to write something as secure as it can be, forget the
security hype and crap out there and get seriously knowledgeable on a target
language. The use of the editor makes no practical difference - I've been
tasked to fix server code via Windows cmd FTP and MS Notepad, big deal.

Cheers.




On Fri, Jul 30, 2010 at 6:13 AM, Elazar Broad <elazar@...hmail.com> wrote:

> ed or nano? :)
>
> On Thu, 29 Jul 2010 20:47:19 -0400 Valdis.Kletnieks@...edu wrote:
> >On Thu, 29 Jul 2010 17:18:28 PDT, Zach C said:
> >> So if Drupal and WordPress, etc. are so terrible, what would you all recommend?
> >
> >vi or emacs. Take your pick, I'm not starting an editor war. ;)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
