Re: Day of bugs in WordPress 2

[Valdis.Kletnieks () vt edu]

On Fri, 30 Jul 2010 08:37:25 +0200, Christian Sciberras said:

> How does writing your site/project from scratch, (I presume that's what you
> mean when you suggest a text editor as a replacement for a CMS), result in
> "higher" security?

It may not help security *directly*, but there's several indirect benefits:

1) If the person posting has to know how the damned thing works, they might
actually *notice* when they get pwned and not let it fester for weeks on end.

2) Smaller attack surface - if I'm running *just* an Apache instance without a
lot of complicated mod_* bells and whistles, and using stuff like vi to compose
new pages, that's a lot harder to attack than a site that has some 8 million
line of code monstrosity on the front end.

And there's a side benefit - if it was harder to post, fewer idiots would
figure out how, and people would think twice before posting.  So we'd have
percentage wise more well thought out and researched postings and less total
crap to wade through.  Admittedly, we'd probably lose a number of blogs that
are worth reading for amusement just for the total Fail quotient. ;)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/