[geeklog-devel] Hmm ...

Chris 'Chipper' Chiapusio chipper at llamas.net
Sat Jun 28 19:59:27 EDT 2008


I'll just remind everyone that two huge examples of 'Secure out of the box'
have evolved over the past 10 years... Linux.. and Windows..

It's not a bad thing.

Chip


On Wed, Jun 25, 2008 at 05:00:02PM -0400, Mark Howard wrote:
>Playing devil's advocate - not picking on you - but - isn't that what we
>ended up doing with the use of HTML style directives in story content?
>
>:^)
>
>I think we owe it to the general population to leave advanced features
>disabled that we know only about 5% of them will use, as long as those
>advanced features present some sort of security issue.  
>
>Clearly the protocol is not as robust as it needs to be otherwise they
>wouldn't be worried about it. This would seem to be an effective way to
>generate nicely-formatted SPAM, or worse - a way to inject what might look
>like authentic content into a site for phishing or other nefarious purposes.
>
>How secure is the authentication scheme?  Is it as secure as what GL core
>code provides for in the core code itself?  If so, perhaps a non-issue, but
>disabling generally-unused features by default is a common security practice
>- it doesn't have to be about a statement that it is extraordinarily
>dangerous.
>
>As you have said - I like WP a lot as well, use it myself, have a lot of
>friends that use it, etc etc.  I was not picking on them, but I tend to be
>cynical about some of these things - I have to read them every day and
>evaluate them, and I feel like I might be turning into Robert Langdon,
>seeing patterns in everything ...  :^)
>
>-m
>

-- 
------
				**** Warning ****
This e-mail message, without warrant or warning, and despite US law as set
forth in the Foreign Intelligence Surveillance Act of 1978, may be subject
to monitoring by the United States National Security Agency and/or the
Department of Defense. Information contained in this message may be used
against any senders or recipients, now or in the future, in a public trial
or secret tribunal.
                       Please encrypt anything important.
    PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D


