Re: Fixing stupid PHP application design flaws

To: Florian Weimer <fw@deneb.enyo.de>
Cc: Henrique de Moraes Holschuh <hmh@debian.org>, debian-security@lists.debian.org
Subject: Re: Fixing stupid PHP application design flaws
From: Martin Schulze <joey@infodrom.org>
Date: Thu, 5 May 2005 13:39:42 +0200
Message-id: <[🔎] 20050505113942.GI7744@finlandia.infodrom.north.de>
In-reply-to: <[🔎] 878y2uf0bq.fsf@deneb.enyo.de>
References: <20050428131508.GQ7744@finlandia.infodrom.north.de> <20050428152112.GA11621@khazad-dum.debian.net> <[🔎] 878y2uf0bq.fsf@deneb.enyo.de>

Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
> 
> > I think not only we should do it, we should also make a big fuss
> > about it, so that some of the PHP people out there at least have a
> > chance to get the clue.
> 
> Unlikely to work.  Just look at how almost all PHP developers reject a
> proactive approach to SQL injection. 8-(

When upstream is security-ignorant, we need to educate our developers
to fix the applications before actually uploading, and fix them again
when a new upstream version is released, over and over again.

Regards,

	Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law

Please always Cc to me when replying to me on the lists.

Reply to:

References:
- Re: Fixing stupid PHP application design flaws
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Fixing stupid PHP application design flaws
Next by Date: Returned mail
Previous by thread: Re: Fixing stupid PHP application design flaws
Next by thread: about install --reinstall for overwriting possible trojaned bins
Index(es):
- Date
- Thread