[ale] Well, this does nothing for the reputation of Linux

Michael B. Trausch mbt at naunetcorp.com
Mon Jul 22 11:00:00 EDT 2013


On 07/22/2013 10:46 AM, Andy Borgmann wrote:
> "Have fun rewriting your code for PHP 5.4 and later releases, by the
> way." - you really are a bit passive aggressive aren't you.

No.  Sarcastic, sure.

I am surprised, though, that within the last five years these things
are still being used, despite the official PHP project's insistence
that they shouldn't be.  An ounce of prevention...  I've had to do
large-scale audits and fixes for PHP applications when the base system
closes a huge hole or changes something drastically.  They're never fun,
and they always cost more in time, money and aggravation than they're
worth.  And you can never have the time required to make all the fixes
that need to be done, either.

I actually don't do that anymore---when I see a project that looks like
it wasn't written by a programmer, or when I see a project where I don't
have to look in more than a single file to find more than one blatant
vulnerability, I refuse to proceed any further.  I've been down that
rabbit hole one time too many, and those projects never go well---in the
end, the client is unhappy and will almost always keep the insecure
system in production rather than pay for the time required to fix it
fully, even after a significant amount of work has been done on it.

I will rewrite their systems for them, though, and that is usually the
most expedient route.  Collect all the requirements, functional,
non-functional and security, and then design a clean system such that it
can be implemented without relying on any insecure functionalities.  And
to be honest, writing code in a secure way up-front not only saves time
and frustration later, but it makes the code a great deal easier to work
with.

> Needless to say, thank you for your thoughts.  I genuinely appreciate
> them.  I have learned a few things here today, which is the whole
> reason I monitor (but rarely jump into) the discussions here.  Much
> appreciated.

Glad to be of help.  (Not being sarcastic there.)

-- 
Michael B. Trausch

President, *Naunet Corporation*
(678) 287-0693 x130 or (888) 494-5810 x130
