Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: Site Hacked...

  1. 12-11-2005, 09:54 PM #21
    Almindor
    Almindor is offline
    Senior Member
    Join Date
    Nov 2003
    Posts
    155

    Site Hacked...

    What do you consider "safer" then, Perl? CGI? In fact, what kind language is safer?
    Per-language safety is mostly done via compiler checks etc. Most work, I agree, falls on the programmer.

    If you can write a virus in Pascal, then it's not a safe language and "is simply CRAP"?
    I don't understand your reasoning here.

    Although I think "beign unsafe PHP" has nothing to do with it, the whole concept of adding "mods" and "hacks" to forum software is rather flawed. You can't easily update the forum software if many mods/hacks are used and it's also open it to vulnerabilities. This is the reason why on Afterwarp site we haven't done any "hacks" to the forum (and our front page is now empty ops.
    True.

    P.S. Followed by PGD hack event, I finally got myself motivated to upgrade forum software on afterwarp.com [size=9px][it's powered by vBulletin, but still...
    This is EXACTLY the crap I was talking about
    Don't take it personaly but there are 2 and a half reasons for vulnerabilities and MORE importantly hackings.

    1. Crappy programmers. See script kiddies section. Long story short, they don't check buffers, they don't check SQL injection etc.

    2. Crappy admins. Mostly LAZY admins right? Again don't take it personaly, I only use given material . I'm lazy too and I'm sure I wouldn't be much better.

    The-Half: The last part IS the language used. There are languages which more or less guide the programmer right way, give checks for code etc. There are also languages which never saw an integer overflow check etc.
    Feel the power of Open Source.
    <br />Feel the power of Free Pascal.
    Reply With Quote Reply With Quote
  2. 12-11-2005, 10:25 PM #22
    LP
    LP is offline
    Super Member
    Join Date
    Feb 2003
    Posts
    887

    Site Hacked...

    Quote Originally Posted by Almindor
    ...
    As I mentioned, this is an off-topic
    [size=9px]Let's just hope Savage or WILL won't notice it...[/size]

    I got your point and I think SQL injection, for instance, could be fixed in the language itself (so it escapes the string automatically and vise-versa, wherever you use it). Although I think there is an option for PHP to enable automatic escaping of strings, but from this point of view, the language indeed has some flaws regarding security.

    However, if you look into it, HTML itself is greatly insecure due to the fact that you can insert scripts almost everywhere.

    My point in Pascal being also "unsafe" language was that in a language, you have to choose among flexibility, security and other things. For instance, take ADA vs Pascal comparison: although ADA seems more strict and explicit, it really gets more difficult to program there, as you have to write more code which does less.
    Reply With Quote Reply With Quote
Page 3 of 3 FirstFirst 123
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules