Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
His response made my jaw drop (after I stopped giggling)

As funny as ignorance is, I'm more interested in the solution you gave him. If you could post the example code you showed him or a link to the resource you pointed him to I'm sure we'd all be able to learn from it.

Are people developing "web applications" without paying attention to Bugtraq and CERT notices

In most cases they probably are, but that's a very small part of the problem. Aside from an occasional PHP vulnerability or the like, CERT and Bugtraq don't really apply that much to people who are in charge of only developing small web apps. Good programing practices that lead to more secure code are more important than reading every post to Bugtraq in these cases. Of course it's an entirely different story if they're paying you to set up their servers or do a security audit.

If you design for the web, remember that it's much better to have a non-functional secure site than a non-secure functional site.

Security is not an all or nothing issue. It is often necessary to reduce security in favour of usability (if you disagree, consider how you got to this site :). However, the example you give introduces vulnerabilities needlessly but this is still important to keep in mind.

And finally, to add a bit more educational value to this thread, here are few relevant links:


In reply to Re: web site design, or lack thereof by cjf
in thread web site design, or lack thereof by merlyn

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others taking refuge in the Monastery: (8)
    As of 2020-10-20 21:11 GMT
    Find Nodes?
      Voting Booth?
      My favourite web site is:

      Results (210 votes). Check out past polls.