 Posted by "bruce" on 09/21/05 17:35 
i would have thought (perhaps wrongly) that someone would have created a 
series of functions/routines and wrapped them in a package/lib to deal with 
the security issues that i've raised!! 
 
but i have to tell you. i've looked at some open source classes/apps that 
aren't that strong. in fact, some simply have no real checks on the data 
types/structure of the data being inserted into the db at all... 
 
and aaron, your app is a commercial app. for now, we're looking in the open 
source area where we can get to the underlying source. 
 
-bruce 
 
 
-----Original Message----- 
From: Aaron Greenspan [mailto:aarong@thinkcomputer.com] 
Sent: Wednesday, September 21, 2005 7:18 AM 
To: php-general@lists.php.net 
Subject: [PHP] Re: security/sql issues with php 
 
 
Bruce, 
 
If you're looking for commercial-grade open-source packages, I think 
you're going to have a pretty hard time finding much. Most 
commercial-grade software is...commercial. The truly robust open-source 
packages, i.e. Mozilla, MySQL, JBoss, BerkeleyDB, etc., are backed by 
some sort of commercial, or at the very least, corporate, entity. The 
rest, more often than not, are not commercial-grade; the support 
structures that companies require just don't exist for those packages. 
 
I've offered to help you before via our commercial framework, Lampshade, 
which handles I'd say 98% of everything you want, and can be easily 
customized or added to in order to handle the remaining 2%. It's not 
open-source, but it also doesn't need to be since the documentation is 
so extensive. It's used in applications for all sorts of organizations 
from Harvard University to companies traded on the NYSE. There may be 
other open frameworks that are used just as widely--I would venture to 
guess phpNuke and the-CMS-formerly-known-as-Mambo--but as you've 
discovered, they don't do half of the things you'd like to see all in 
one place. Also, Mambo's political machinations are a good example of 
what you don't want to see in a commercial-grade product. 
 
If you want to keep searching, I suppose no one's going to stop you. I'm 
just afraid it's not out there. Anyone, correct me if I'm wrong. 
 
Best of luck, 
 
Aaron 
 
Aaron Greenspan 
President & CEO 
Think Computer Corporation 
 
http://www.thinkcomputer.com 
 
-- 
PHP General Mailing List (http://www.php.net/) 
To unsubscribe, visit: http://www.php.net/unsub.php
 
  