Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
His response made my jaw drop (after I stopped giggling)

As funny as ignorance is, I'm more interested in the solution you gave him. If you could post the example code you showed him or a link to the resource you pointed him to I'm sure we'd all be able to learn from it.

Are people developing "web applications" without paying attention to Bugtraq and CERT notices

In most cases they probably are, but that's a very small part of the problem. Aside from an occasional PHP vulnerability or the like, CERT and Bugtraq don't really apply that much to people who are in charge of only developing small web apps. Good programing practices that lead to more secure code are more important than reading every post to Bugtraq in these cases. Of course it's an entirely different story if they're paying you to set up their servers or do a security audit.

If you design for the web, remember that it's much better to have a non-functional secure site than a non-secure functional site.

Security is not an all or nothing issue. It is often necessary to reduce security in favour of usability (if you disagree, consider how you got to this site :). However, the example you give introduces vulnerabilities needlessly but this is still important to keep in mind.

And finally, to add a bit more educational value to this thread, here are few relevant links:

 


In reply to Re: web site design, or lack thereof by cjf
in thread web site design, or lack thereof by merlyn

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (4)
As of 2024-03-29 10:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found