On Fri, 30 Jul 2010 08:37:25 +0200, Christian Sciberras said: > How does writing your site/project from scratch, (I presume that's what you > mean when you suggest a text editor as a replacement for a CMS), result in > "higher" security? It may not help security *directly*, but there's several indirect benefits: 1) If the person posting has to know how the damned thing works, they might actually *notice* when they get pwned and not let it fester for weeks on end. 2) Smaller attack surface - if I'm running *just* an Apache instance without a lot of complicated mod_* bells and whistles, and using stuff like vi to compose new pages, that's a lot harder to attack than a site that has some 8 million line of code monstrosity on the front end. And there's a side benefit - if it was harder to post, fewer idiots would figure out how, and people would think twice before posting. So we'd have percentage wise more well thought out and researched postings and less total crap to wade through. Admittedly, we'd probably lose a number of blogs that are worth reading for amusement just for the total Fail quotient. ;)
Attachment:
pgpxZ79WrSEvN.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/