Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:Technology can't stop these (Score 2, Insightful) 1144

Gun control is no longer an option in the US. You can impose gun control rules on citizens, but not on criminals. I often hear the excuse for not having gun control: in area's where there are more strict rules for owning a gun, there's more gun violence. That might be true, but it also proofs my point.

Comment Re:Banshee for sure! (Score 1) 222

To prove that something is secure, you have to prove the absence of security bugs. Proving that something is not present is practically impossible.

I can tell you, but not prove, that I have many Banshee based websites and none of them has ever been hacked. I even have used Banshee professionally and had the web applications I created with it audited by IT security companies. No security flaw has ever been found.

Comment Re:~ best (Score 1) 222

WordPress (core) is probably the most secure CMS out there

Hahaha, seriously, no! If you know anything about secure software development, you would understand that Wordpress was not well written. I've used it during my Secure Web Development course to show students how NOT to write code. Although the code might look clean, it is the perfect example of spaghetti code. Mainly because it has no MVC structure. Business logic, HTML, Javascript, database queries, everything is mixed together in Wordpress. And although it might not contain a serious flaw at this moment, absolutely nothing guarantees that this will still be the case in the future.

Because of the mess, it's easy to make a mistake and introduce a security flaw when changing or extending something. If you ask me, that's exactly the reason why so many plugins are insecure. Because it's hard for the plugin developers to understand the logic and structure of the Wordpress main codebase. Wordpress the most secure CMS? With this codebase? No, not now, not ever!!

Comment Re:Just horrible! (Score 1) 222

that's more of a function of popularity than inherently "bad" code

I fully disagree. Yes, more bugs will be found when more people look at the code, but for bugs to be found, they have to be there in the first place. You won't find many bugs in a proper piece of code, no matter how many people use it and look at its code. So, I think it's a bad excuse.

Comment Re:Banshee for sure! (Score 2) 222

- No, it doesn't use the PDO library. So? Its SQL library protects against SQL injection and it has a audit script to check for any bypass of this library.
- No, the tablemanager_model.php is not vulnerable for SQL injection. Everything goes via the Banshee SQL library.
- No, passwords are stored via PBKDF2, using SHA256 and 100,000 iterations, which is much stronger.
- No, not probably more issues. It's secure. If you don't agree, provide us with some real proof.

Next time, try to understand the subject you are talking about, before you make false claims and accusations.

Slashdot Top Deals

There is never time to do it right, but always time to do it over.