Of course, he's right. I've been on Bugtraq long enough to realize that the popular PHP-based boards and community systems seem to get compromised in some way or another (SQL injection, cross-site scripting, etc.) on a very regular basis. That's part of the reason I asked in the first place. I was hoping someone who knows more about the scene would enlighten me. And, despite the fact that I omitted security from my original list of requirements, it worked nicely.
Then, yesterday, I was looking at the MythTV project, which is an impressive Linux PVR solution (think "Open Tivo"). Literally as I was browsing the site someone compromised it. See the screenshot at the right? I took that just in case it was fixed before I had a chance to write this. Indeed, a couple hours later the site was back to normal.
Witnessing this real-time "hacking" is a sobering example of how far things have to come. If you've been brainwashed by Eric Raymond's "all bugs are shallow" logic, ask yourself why we keep seeing this sort of thing happen with popular Open Source Software such as PHP-Nuke.
Come to think of it, I think I've written about this before. Looking back over it, I still agree with myself.
Posted by jzawodn at November 23, 2003 08:21 AM