05-13-2010, 08:32 PM
Varius
Confirmed User
 
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Most third-party software has exploits for the simple reason they don't thoroughly test it.

When software is free/open-source, or costs a minimal amount of money, their monetization usually comes from getting it to market faster than their competition and/or supporting the software.

They don't have the motivation to try every conceivable way to mess with their code; they are offering a blog tool or plugin, not securing a government registry tool (not to say those can't be exploited heh).

It may sound arrogant, but I'm with BestXXXPorn on this one; when it's an important project, where security is an issue, I make sure the code is tight and I'm more confident using my own code than popular third-party apps.

People say PHP is "more hackable" but that's false; the true reason is PHP is a "loose" language, so people that read a tutorial or two suddenly think they are programmers and program very sloppy, insecure applications.

Regardless, if your code is secure, that doesn't mean much if other ports/software on the machine are vulnerable. It just means you will only have to worry about more targeted hacks and not publicized WordPress holes.
__________________
Skype variuscr - Email varius AT gmail