
Re: Web applications specific issues



On Tue, May 3, 2005 17:17, Pierre Habouzit wrote:
>>> No, I really believe that we should have some strict (not
>>> necessarily a lot, but sensible ones) requirements and quality
>>> standards, and the magic quote invariability is a sensible one for a
>>> library (e.g.).
>>
>> Isn't this something that's up to individual maintainers?

> Sure, but maybe some crazy maintainer would package one day some lib that
> does not behave well wrt the gpc_quotes. This will lead to security
> problems (SQL injections) and will put a burden on the security team's
> shoulders, and that's not fair.

True, but this goes for any crappy software and is not specific to web
applications. Perhaps there are more that are crappy, but if you think
this kind of policy is needed you should try to implement it in some kind
of general way, also imposing restrictions on other packages.

I'm wondering if this is a concrete problem or just a theoretical one? I'm
aware that for example openwebmail was packaged which is a security
nightmare, but that has been dealt with and the package will be removed.
Isn't the current practice sufficient?

> If there are some minimalistic requirements, I really believe we can
> drastically reduce the possibility for such problems to arise.

Another problem here is the question of who can or should enforce these
problems.


Thijs
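The "magic quote invariability" requirement discussed above (a library must behave the same whether or not PHP's magic_quotes_gpc setting has already added backslashes to request data, and must not rely on that escaping against SQL injection) is easier to judge against a concrete shape. The following is an added illustration, not code from this thread or from any Debian package; it assumes a PHP 4/5-era interpreter where get_magic_quotes_gpc() exists, and uses PDO with an in-memory SQLite database so it runs stand-alone:

```php
<?php
// Added example (not from the thread): a library-style helper whose result
// does not depend on the magic_quotes_gpc ini setting, plus a parameterised
// query so that backslash escaping is never the SQL injection defence.

/**
 * Return $value exactly as the client sent it, whether or not the
 * interpreter added backslashes via magic_quotes_gpc. Recurses into arrays
 * so it can be applied to $_GET / $_POST as a whole.
 */
function raw_input($value)
{
    static $magic = null;
    if ($magic === null) {
        // get_magic_quotes_gpc() exists in PHP 4 and 5; it was removed in
        // PHP 8, where request data is never auto-escaped.
        $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }
    if (!$magic) {
        return $value;                      // nothing was added, nothing to remove
    }
    if (is_array($value)) {
        return array_map('raw_input', $value);
    }
    return stripslashes($value);
}

/**
 * Look up a user by login name. The value reaches the database as a bound
 * parameter, so neither magic quotes nor addslashes() is relied on and the
 * function gives the same answer under either ini setting.
 * $pdo is a PDO connection supplied by the caller (hypothetical schema).
 */
function find_user(PDO $pdo, $login)
{
    $login = raw_input($login);
    $stmt = $pdo->prepare('SELECT id, login FROM users WHERE login = :login');
    $stmt->execute(array(':login' => $login));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory SQLite, one user row whose login contains a quote.
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)");
$pdo->exec("INSERT INTO users (login) VALUES ('o''brien')");

$submitted = "o'brien";                     // what the browser actually sent
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $submitted = addslashes($submitted);    // what PHP would hand the script
}
var_dump(find_user($pdo, $submitted));
```

The point for a packaging policy is the invariant, not the helper: a library that calls addslashes() itself when magic quotes are on double-escapes and silently breaks, while one that calls nothing when they are off is injectable. Normalising to the raw value at the boundary and binding parameters satisfies both cases, which is what makes the requirement checkable at review time.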
