NYCPHP Meetup

NYPHP.org

[nycphp-talk] talk Digest, Vol 40, Issue 20

inforequest 1j0lkq002 at sneakemail.com
Thu Sep 14 16:56:23 EDT 2006


David Krings ramons-at-gmx.net |nyphp dev/internal group use| wrote:

>What freaks me out is when I can simply dismantle a page for a for profit business by entering "O'Neill" 
>into some text box.
>
Haha great example (for me anyway).

That's not a developer problem in many cases, though. It's a management 
problem (or, if the budget and time frame are from Mars, a specifications 
problem). Somebody has to be watching the code for functionality, 
especially when inexperienced coders are used or coders who are 
inexperienced at the niche area. That can be a QA team or a manager or a 
test group... but it needs a codified process. Hoping the programmer is 
smart enough to handle most situations is a mistake IMHO. How could you 
ever put pressure on that coder to increase production? Whatever is in 
the shadows will get skipped due to (unsupervised) prioritization.

As for this bigger issue (thanks Michael for bringing it to the list), 
has anybody considered how competition enforces the rules of play? Not 
too many people... yet in sectors where it matters, these issues are 
addressed. In other sectors where it is ignored, the issue of security 
is addressed when it appears to be a problem. It's fine to address 
professional PHP coders about a broken web (they have an interest in 
building a system of professional development and integrity for PHP in 
the world... a commercial interest ;-) but don't bother preaching it to 
businesses until there is a financial incentive or reward. And that 
financial reward has to be not only big enough to cover the added costs, 
but to earn a profit on it as well.

Plenty of people point a finger at "stupid clients" for not 
accommodating the security issues. I disagree. This one is squarely in 
PHP developer land. If you want PHP to survive and deliver, you need (as 
a community) to find a way to get it secure without the client paying a 
line-item premium for it.

-=john andrews

-- 
-------------------------------------------------------------
"If you think this stuff is confusing, you should try optimizing websites for search engine exposure."  john andrews SEO http://www.johnon.com
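An added example, not part of this thread or anyone's post in it, showing the mechanism behind the "O'Neill" complaint quoted above: when a page builds its SQL by concatenating the text box value, the apostrophe in the name closes the string literal early and the query fails (and with other input, the same hole becomes an injection). The table name, columns and sample rows are constructed for the demo; it runs against an in-memory SQLite database through PDO, which is assumed to be available.

```php
<?php
// Added example (not from the original thread): why "O'Neill" breaks a
// page that builds SQL by string concatenation, and the prepared-statement
// fix. Table, column names and rows below are constructed for the demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO customers (name) VALUES ('Smith'), ('O''Neill')");

// Constructed input: exactly what a user typed into the search box.
$input = "O'Neill";

// Vulnerable: the apostrophe terminates the SQL string literal, so the
// statement becomes ... WHERE name = 'O'Neill' ... and the parser chokes.
// Input such as "x' OR '1'='1" would instead parse and return every row.
function findVulnerable(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM customers WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: a prepared statement sends the value separately from the SQL
// text, so a quote in the input is data, never syntax.
function findSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM customers WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

try {
    findVulnerable($db, $input);
    echo "Vulnerable query unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "Vulnerable query failed: ", $e->getMessage(), "\n";
}

// Safe version returns the one matching row for O'Neill ...
print_r(findSafe($db, $input));
// ... and returns no rows for an injection attempt, because the whole
// string is compared as a literal name rather than parsed as SQL.
print_r(findSafe($db, "x' OR '1'='1"));
```

The point for the thread's argument: the fix costs nothing at the line-item level, since binding parameters is no more work than concatenating strings once the pattern is the team's default, which is exactly the kind of codified process the message above calls for.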
