> > <!-- Snip -->
> I don't feel that this is violating any guidelines for this mailing list (or 
> any programming-related mailing list, for that matter, without a specific 
> "security" counterpart), and so your "DUH" was taken as offensive and 
> unprovoked. If this was not the case, well, then let's let bygones be bygones. 
> In fact, I don't care about that either way--but I do care that my 
> security-related suggestion was squashed as being irrelevant to the list.
> 

I never said the security related suggestion was irrelevant nor was it 
squashed, but I DID feel it as a "DUH" statement due to the number of things 
posted on this list (stick around for a while) that are about securing the code 
or servers on the back end.

I for one am against short-open tags, but have seen people being taught to use 
them as shortcuts.  I've cleaned up other code that used the short-open in 
conjunction with other 'shortcuts' to save some typing but died when put onto a 
hardened server.

I'm all for securing your PHP stuff, but at the same time, post some relevant 
PHP code for whatever security measure you are saying to use, or point to a 
good reference for it.  

Speaking of which, I need to update my links on some of that stuff myself and 
then post them to the hardened server I run.  Every environment you run into is 
different, whether it be as you pointed out that people say "secure your code" 
and then continue with their example of a form.  People expect that the ones 
using the knowledge are responsible for their own code on their own servers.  
Due diligence is expected by the older generation as that is what the teachings 
were growing up.  No silver spoons, no temper tantrums when something didn't go 
their way.  They investigated and fixed.  

Ultimately you are responsible for what you code.  Nobody else.  When I post 
code, I expect people to secure it down, using their own protocols.  I don't 
remind everyone to do it and some have even suggested that the code I have 
posted to the list can be easily exploited.  But then, I haven't posted my 
security checks or other tweaks either.  ;)

Wolf

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
