On 27 June 2012 09:50, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> (<troll>specially for a Web site written in PHP</troll>)?

We software makers have a problem: when a customer asks for an application, often there's a web project that already does it (for the most part it is a round peg in a round hole). So a natural solution is to install this project and customize it to his needs (theme, perhaps some programming). The other option is to create the code from scratch (perhaps using a framework).

If you create the code from scratch, it will be safe. A tree can't get a human virus, and a human can't get a tree virus. You are not unhackable; bad practices will bite you in the long term, but you don't see exploits made specifically for this custom-made code daily. Too bad, the features the code allows will be few, limited by the budget of the project. Programming sucks, and generates code and bugs, and everybody suffers for it. This option sucks.

If you use one of these projects that already does 99% of what the customer needs, plus 120% the customer does not need (and perhaps doesn't want), the code quality will normally be good, with **horrible** exceptions. But sooner or later (weeks), there will be exploits for this codebase, to hack the site in horrible ways. If the customer doesn't pay for maintenance and doesn't do the maintenance himself, the code will turn comically outdated. Hacking the site will be easy for children age 5 and up. Maintenance sucks. This option sucks.

All options suck.

Your browser will call you an idiot if you try to browse with an outdated version. But web projects are not this rude to their owners. So you have people browsing forums in Chrome 18, where the forum software is a version from 2004 ("heavily customized", but this will not save you). Then a cracker comes, uses a known exploit from 2008, and downloads 1.2 million unhashed passwords, where 98% of these passwords are reused on Facebook, Twitter, LinkedIn and Gmail.

--
End of message.