Dangerous coding errors revealed
CWE-3: Outsource documentation to Randy Shawadiwadi
"Experience hath shewn, that even under the best forms of government those entrusted with power have, in time, and by slow operations, perverted it into tyranny." Thomas Jefferson
-
Originally posted by minestrone: WTF does "CWE-94:Failure to Control Generation of Code" actually mean.
I think this list starts to make sense if you are a Web front end serving up something like jsp pages (not Jackson structured programming).
For the real programming that real men do it doesn't make much sense.
Typical Yanks, all they're bothered about is putting up a good front...
-
Originally posted by Purple Dalek: I think this list starts to make sense if you are a Web front end serving up something like jsp pages (not Jackson structured programming). For the real programming that real men do it doesn't make much sense. Typical Yanks, all they're bothered about is putting up a good front...
Is it what happens when some kid from an Accidenture training course uses a 4GL to produce undecipherable spaghetti without actually checking the code to see if it’s any use?
And what exactly is wrong with an "ad hominem" argument? Dodgy Agent, 16-5-2014
-
A more proper name for the list would be "top 25 coding errors that can lead to security problems in a website". But it wouldn't make such a good headline, would it?
From the article:
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.
The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.
Last edited by bored; 13 January 2009, 14:11.
-
Originally posted by bored: A more proper name for the list would be "top 25 coding errors that can lead to security problems in a website" - from the article:
Well, even then it doesn't quite fit as one of the top 25 would be running Windows as the OS and server the website was running on.
-
Originally posted by Purple Dalek: Well, even then it doesn't quite fit as one of the top 25 would be running Windows as the OS and server the website was running on.
There are plenty of websites that run Windows and are quite secure. Also, there are plenty of websites that run on LAMP and are hacked regularly. So no, the choice of Windows vs Linux has no place in that list (and besides, it's not a coding issue).
-
Originally posted by Board Game Geek: More than 30 organisations, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec published the document.
THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS
CWE-20:Improper Input Validation
CWE-116:Improper Encoding or Escaping of Output
CWE-89:Failure to Preserve SQL Query Structure
...
Probably not COBOL, PL/1, Assembler, etc. but only those newfangled kiddie script languages
“Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.”
-
One of the biggest howlers, which many OS coders don't really understand, is failing to weaken pointers passed inside structures to core functions. If you find an example of that (and it's easy to test a function call), the whole OS is wide open.
The hardware automatically weakens pointers in the argument list when the call crosses from the user address space into the shared core address space. But there's no way it can know to delve into structures those pointers reference.
Outfits like the NSA probably keep quiet about this, as *they* exploit those weaknesses as back doors.
-
delete * from trade
- not a good one to try in a SQL session you have kicking around thinking it's a dev database, and finding out, ooh about 43 seconds later, that it wasn't
-
Originally posted by Board Game Geek: Open Season on Programmers...the new Terrorists.... The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes. The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals. Experts say many of these errors are not well understood by programmers.
Wot!
Who the **** are they using as programmers, 12 year olds?
tim