[Wolves] Scumbags Hack Xoops site

David Goodwin dg at clocksoft.com
Fri Oct 21 09:45:05 BST 2005


> There is so much poorly written code out there that it is no wonder so 
> many security flaws and bugs are found. The problem is - poorly written 
> software is being deployed on a large scale. Look at things like Mambo, 
> phpBB - their code is junk.
> 

I second that; phpBB is a mess.

<snip>
> I refuse to deploy an off the shelf app that I might have to offer 
> support for or customise in some way if it doesn't follow at least some 
> form of decent coding standard - ideally written in an object-oriented 
> fashion with well written documentation (or code that is so good it 
> documents itself) and even better with a comprehensive set of unit and 
> functional tests.

Well, proper OO wasn't really possible with PHP until relatively 
recently. But having said that, there are some well-coded PHP projects 
(e.g. Horde). (I've not yet looked at Drupal's internals to comment on it).


> Have you ever tried installing a mod for one of these things...it's 
> usually a case of:
> 
> 1) Copy a bunch of files to xxx folder
> 2) Open xxx.php, find line 43 and insert the following code after such 
> and such piece of code, remove such and such code on line 438 etc.
> 

It's even more fun when you have to apply security fixes to them :)


Thanks
David.

-- 
David Goodwin
w: http://www.clocksoft.co.uk
e: david.goodwin at clocksoft.com
t: 0121 313 3850


