Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Do one thing, and do it well. (Score 1) 107 107

In that case, you better try mbed TLS (former PolarSSL). Has been tested and audited more times than this untested new comer. And it has full support for everything that is needed. mbed TLS makes every new attempt to implement an SSL / TLS library obsolete immediately.

Comment: Re:Good idea (Score 2) 107 107

Agree. It's better to build something rock solid which supports only 80% of all use cases than to end up with something big and bloated that handles every thinkable use case. Yes, the ultimate thing is to have something rock solid that supports everything, but that's an utopia.

Comment: mbed TLS (Score 1) 95 95

I can advice every software developer to take a look at mbed TLS (former PolarSSL). It has everything a modern SSL-enabled application needs. It's API is easier that OpenSSL's, it has very good documentation (example programs included) and last but not least: it's secure!

No, I'm not the mbed TLS developer or in any way connected or related to mbed TLS. I'm just a very happy developer who replaced OpenSSL with mbed TLS in my project many years ago and never had any reason to look back. Even the users of my project are very happy with it. Good riddance!!

Comment: Re:New HTTP daemon (Score 1) 80 80

Seriously, man: OpenBSD? Really?

As you can see, pointless flaming can be done about anything. If you want to critcize PHP, come up with some proper and valid arguments. Otherwise, you're nothing more than a loudmouth fanboy. I have several PHP websites running for many years, without a single hack, without a any significant downtime (besides server maintaince) and with proper speed. PHP is just a tool, it's the developer that makes it a good or bad website.

Comment: Re:Already patched (Score 1) 89 89

The issue described in this topic (cross-site scripting) is very old (about 15 years in this case). But so is its solution. The same goes for all other security issues. There is no reason and therefor no excuse to have such or any other known vulnerability in your website today. Specially because the solutions are very easy. Security is no rocket science!

The majority of all hack attempts are for SQL injection, cross-site scripting, cross-site request forgery, remote file inclusion, directory traversal, etc. You can look them up, there are even many websites dedicated to them (owasp.org for example). There is, I say it again, no excuse to not know about these vulnerabilities and to have one of them in your website.

The only web developers who still have such security bugs in their software are 1) lazy 2) incompetent 3) not interested in security or 4) have been asleep for 15 years. For whatever the reason is, it's not wise to use their software!/p.

Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer

Working...