On Thu, 19 Jun 2003, David Phillips wrote:

> Oh, it's ok then, because everything has security holes. Gee.
> It's not difficult to write a nice message board that doesn't have security
> holes, especially in a language like PHP. I wrote a good one about three
> years ago (clone of Allaire Forums). Perhaps I should tidy it up and
> release it as open source.

i bet you ten bucks that somebody will find a security hole. it is not that i doubt your coding skills but it is a fact that security holes are a fact of life.

> If you have security holes in your PHP application, then you're doing
> something seriously wrong, and should learn about basic security before
> attempting writing web applications.

funny... consider this: the openbsd hackers pride themselves in secure code... they code audit everything before it can be used. one could argue that they are security experts. how many security holes did the openssh server have? and yet up to the release of those exploits it was considered one of the most secure applications.

the only secure program is the most simple of the "hello world" variety. and even that cannot be 100% guaranteed.

if it really were that easy to write secure applications we would have them. yes coder ignorance/laziness does contribute a lot if not the most to insecure applications, but a large factor is the unknown. you can never say "this application is secure" with a 100% certainty.

Munir Nassar
RedConcepts.NET

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list