Re: [PHP] is there a problem with php script pulling HTML out of database as it writes the page??
- From: dgiragosian@xxxxxxxxx ("David Giragosian")
- Date: Thu, 17 Jul 2008 11:33:04 -0500
On 7/17/08, Stut <stuttle@xxxxxxxxx> wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut <stuttle@xxxxxxxxx> wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Thanks for that tedd.
Oh, and you'd be working for me so bear that in mind ;)
It's no wonder why you haven't found anyone. :-)
-Stut
Seriously though, I'm wondering if my expectations are too high... I expect
them to know that addslashes is not adequate protection against SQL
injection. I even had one tell me "SQL injection? I can't remember but I'm
sure I've used it before". And I won't even go into the guy who asserted
that he's always worked with DB administrators who've dealt with security
issues so he'd never needed to learn about it.
Am I expecting too much?!?
-Stut
Surely you're being rhetorical, Stut, but no, you're not expecting too much.
However the guy(s) who worked in a larger organization likely did have a
very clear delineation of roles and responsibilities, as I am experiencing
in a new position, and therefore may not be current on best practices in
areas outside of their role. When my group leader instituted the current
policy regarding job functions, a number of the open source guys decided
their unused skills were eroding and/or they were not being exposed to new
learning, and they left the company.
There's no way I would ever hire anyone who says "security was somebody
else's responsibility". I don't care what their previous managers have said,
that's never a valid statement in my book. When you then add the fact that
no DB admin no matter how good they are can implement adequate security to
prevent SQL injection you get a developer who doesn't care about security
issues much less know anything about them.
-Stut
Saying security was someone else's responsibility is not the smartest
statement to make in a job interview. Whether that correlates to someone not
caring about security is a different matter, I think. Of course, if the
applicant said, "Security was somebody else's responsibility" in a flip
and/or arrogant manner and clearly showed no concern about it, then sure, on
to the next candidate. But I can imagine an exchange where somebody said
that, but then followed up with, "But here's how I would handle it..."
It sounds like the guy you interviewed was in the former category.
--David.