[Wolves] Scumbags Hack Xoops site
Luke Redpath
luke at birmingham.lastfield.co.uk
Fri Oct 21 01:47:04 BST 2005
I'm with Steve on this one.

There is so much poorly written code out there that it is no wonder so
many security flaws and bugs are found. The problem is - poorly written
software is being deployed on a large scale. Look at things like Mambo,
phpBB - their code is junk.

On one hand it is good that things like PHP can be picked up and used by
amateurs - but it is not a good thing that amateurs are creating
substandard products that are being used widely, sometimes for mission
critical apps. The people who write these things wouldn't know what unit
testing is if it came up and hit them in the face. These apps are hacks,
and not very good ones at that.

I refuse to deploy an off the shelf app that I might have to offer
support for or customise in some way if it doesn't follow at least some
form of decent coding standard - ideally written in an object-oriented
fashion with well written documentation (or code that is so good it
documents itself) and even better with a comprehensive set of unit and
functional tests.

Have you ever tried installing a mod for one of these things... it's
usually a case of:

1) Copy a bunch of files to xxx folder
2) Open xxx.php, find line 43 and insert the following code after such
and such piece of code, remove such and such code on line 438 etc.

Just to clarify I'm only really talking about web apps here, as that is
the domain I work in - I couldn't speak for non web-apps.

Crazy!

Cheers
Luke

Steve Parkes wrote:
> Peter Cannon wrote:
>
>>
>> Suffice to say I think they all leave the back door open in respect
>> of modules etc, I think we've got blasé in respect of installing stuff
>> that Joe Public has submitted. Most of the sites have disclaimers but
>> of course when it's downloaded from say Xoops subconsciously you think
>> "It's from them it must be OK"
>>
>
> Seriously all the *nuke php cms' are total pants under the covers with
> the majority of code written by 14 year old kids :-) I have been saying
> this for years and years they suck.
>
> If you need proof look at lists such as bugtraq and in particular at
> what the teams behind them say when exploits are discovered. Half the
> time they don't even have an official response.
>
> They give open source and free software a bad name.
>
> sparkes
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves