Re: Fixing stupid PHP application design flaws
Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
>
> > I think not only we should do it, we should also make a big fuss
> > about it, so that some of the PHP people out there at least have a
> > chance to get the clue.
>
> Unlikely to work. Just look at how almost all PHP developers reject a
> proactive approach to SQL injection. 8-(
When upstream is security-ignorant, we need to educate our developers
to fix the applications before actually uploading, and fix them again
when a new upstream version is released, over and over again.
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Barne's Law
Please always Cc to me when replying to me on the lists.
Reply to: