|
|
|
| "be consistent" | |
| PerlMonks |
comment on |
| ( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
|
footpad wrote:
I mean, it may be one thing to know that MSA sucks or that SS's shopping carts are *insecure*, but where do we find examples that *are* secure?Good question. I see that the Reviews section has places to discuss books and modules, but not software. I don't know that it would be appropriate to list software there (too much software, too few people able to adequately judge them), but it would be nice to find a source we could trust. For example, Minivend (now owned by Akopia) was considered secure. A recent "crack our box" contest found a vulnerability (an input field forgot to strip the pipe character), but it was fixed quickly. I don't know if that package is still safe, but I noticed something curious when I worked with it: the author didn't use taint checking! Here we have a widely used package that seems to be secure, but doesn't use taint checking. I certainly would not care to recommend it simply for that reason, but what is one to do? Is there anything out there that really meets our exacting standards yet is useful, robust, and scalable? I'm not suggesting that one compromise, I'm merely asking if there really is freely available software that we could recommend? Ovid walks away, grumbling and muttering to himself that ideals may be castles in the sky.
Cheers, Join the Perlmonks Setiathome Group or just click on the the link and check out our stats. In reply to (Ovid - secure software) Re(2): ACKKKKKKKKK! I Have been cracked!
by Ovid
|
|