[HLUG] archiving software

Mark Broadbent mgjbroadbent at googlemail.com
Sat Jan 5 14:08:35 GMT 2008


On 05/01/2008, Alex Mace <alex at hollytree.co.uk> wrote:
> Ahem, to my mind something being written in Python does not make it
> more secure than something in PHP, it's down to the programmer to
> remember to properly filter input, encode output rather than the
> language itself. PHP is an easy language to pick up which means that
> you get a lot of programmers who don't know what they are doing. The
> language itself is not a measure of security.

I would completely agree with that; no language I know of will protect
you from things like cross-site scripting and SQL injection attacks.
It's all down to the programmer at the end of the day.  I remember
reading a few months ago about a university that had produced an app
that could check your PHP code and tell the user where
untrusted/external data was being passed to db functions or
output to the end user.  It only supports PHP 4 though, which was a bit
of a stumbling block for me.

> I am a PHP programmer though, so I would say that...

I program in all sorts of languages but the security principles of all
are the same. Sanitise your input and be careful with what you output.

Thanks
Mark

> On 4 Jan 2008, at 21:17, Richard Smedley wrote:
>
> >
> > On Fri, 2008-01-04 at 20:46 +0000, George at dicegeorge.com wrote:
> >> I am looking for some software
> >> to index Jeremy Sandford's
> >> writings and paintings and tapes and books
> >> and publications...
> >>
> >> www.jeremysandford.org.uk
> >>
> >> I'd like it to be open source
> >> and to work on windows and linux,
> >> and to have a support network
> >>
> >> does anyone have any clues
> >> to help me on my search?
> >
> > Hello George,
> >
> > It would be good to be clear about how much content you have, in
> > what form, and how you'd like it published and accessible.
> >
> > However, the answer is still likely to be Plone :-)
> > Plone is a content management system (CMS) most often used
> > to publish to the web - though it can be used to publish content
> > to other formats. It is popular, well-supported, and adaptable.
> >
> > Plone is Free Software, accessible to anyone with a web browser,
> > and - as it is written in Python - heir to few of the security
> > horrors of many PHP web solutions.
> >
> > Let me know if you'd like some help with this.
> >
> > Regards,
> >
> > - Richard
> >
> > --
> > Richard Smedley,                                          rs at m6-it.org
> > Technical Director,                                      www.M6-IT.org
> > M6-IT CIC                                         +44 (0)779 456 07 14
> >
> > Sustainable Third Sector IT solutions. PRINCE2 [TM] Project Management
> > Training * Certification * Support * Networking * Web * Database * CRM
> >
> > M6-IT is a Community Interest Company, limited by guarantee.
> > Registered in England & Wales,                Registration No: 6040154
> > 11 St Marks Road, Stourbridge, West Midlands, DY9 7DT
> >
> >
> > Northern Office:       4, Hollins Green, Bradwall, Cheshire, CW10 0LA.
> >
> > Welsh office/ Swyddfa Gogledd Cymru: e-mail / e-bost - cymru at m6-it.org
> >
> > Southern Office: Bristol                     contact matthew at m6-it.org
> >
> >
> >
> >
> > --
> > Herefordshire LUG mailing list
> > Web:  http://www.herefordshire.lug.org.uk
> > List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire
>
>
>
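The point made in this thread, that the language itself does not prevent SQL injection or cross-site scripting, shown in Python as an added example (not code from any of the messages above). The table, sample rows, function names and test strings are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory catalogue with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (title TEXT, private INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("Public essay", 0), ("Unpublished draft", 1)])
    return db


def search_unsafe(db, term):
    # Vulnerable: untrusted text is pasted into the SQL statement, so it can
    # change the statement's structure. Python does nothing to stop this.
    sql = ("SELECT title FROM items WHERE private = 0 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]


def search_safe(db, term):
    # Hardened: the statement is fixed and the term is passed as bound data.
    sql = "SELECT title FROM items WHERE private = 0 AND title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


def render_unsafe(term):
    # Vulnerable: untrusted text is written into HTML without encoding.
    return "<p>Results for " + term + "</p>"


def render_safe(term):
    # Hardened: encode on output so markup characters are shown, not parsed.
    return "<p>Results for " + html.escape(term) + "</p>"


# Constructed test strings that try to alter the query and the page.
SQL_TEST = "%' OR 1=1 --"
HTML_TEST = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("unsafe search:", search_unsafe(db, SQL_TEST))
    print("safe search:  ", search_safe(db, SQL_TEST))
    print("unsafe render:", render_unsafe(HTML_TEST))
    print("safe render:  ", render_safe(HTML_TEST))
```
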


