- No, it doesn't use the PDO library. So? Its SQL library protects against SQL injection and it has an audit script to check for any bypass of this library.
- No, the tablemanager_model.php is not vulnerable to SQL injection. Everything goes via the Banshee SQL library.
- No, passwords are stored via PBKDF2, using SHA256 and 100,000 iterations, which is much stronger.
- No, not probably more issues. It's secure. If you don't agree, provide us with some real proof.
Next time, try to understand the subject you are talking about, before you make false claims and accusations.
- Drupal: slow, ugly hooking system.
- Joomla: spaghetti code, too complicated.
- WordPress: security nightmare, spaghetti code.
All three are horrible products if you ask me. They should be avoided.
It's more of a CMF (Content Management Framework) than a CMS, but I think nothing beats Banshee. It's secure, fast, small (therefore easy to learn) and has many ready-to-use modules. It has a clear MVC structure, so changing or extending the code is easy.
Only ignorant people keep on using Facebook these days.
How many times do you need to be screwed before you get it?
I learned to code by taking other people's code, reading it, compiling and running it, changing it, compiling and running it, and so on. I learned what all the statements and functions do by trial and error. By doing so, I learned how and why things can go wrong. I also learned the importance of readable code, what readable code looks like and what spaghetti code looks like. While I never read any coding book, I learned what to do and what not to do. This knowledge helps me a lot while working in the IT security business.
Perhaps you should try to find some real friends then.
The latest release of the Hiawatha webserver has its own Let's Encrypt script included. Seems to work ok. Anybody tried Hiawatha yet? How good is it?
There is not much innovation in that country. They are good at reproducing, doing what they are told to do and building according to given plans and instructions. Much of it is to blame on their education. Most of the time at school is spent learning thousands of Chinese characters. In the end, reproducing is all they know. Because of that, inventing is not in their system. They have never been challenged to innovate. Their economy is based on cheap labour. As soon as western countries find a cheaper or easier way to build stuff, China's economy will collapse.
It does if they also stop using farcebook.
Seriously people. Stop. Using. Facebook. It is really that simple!
I don't agree with point 3. In my open source project, I changed from OpenSSL to mbed TLS in a few days.
Well, at least they've chosen the right name. It's truly open...
For me, OpenSSL is irrelevant. I switched to mbed TLS (formerly PolarSSL) years ago. Never cared to look back.
True. It is
Big companies who know very well what they are doing, think their products through very well, know their customers very well and take the time to fill in all the tiny details.
versus
Consumers who use products without really thinking about risks, who see computers simply as a means and not as a goal, who don't understand technology and who still don't believe that companies will abuse their naivete for their own profit.
Guess who wins...
It's not really a bad thing, but it's just another step in Google defining the way the internet works. But on the other hand, HTTP/2 is merely a protocol by Google, for Google. Unless you're like Google, you won't benefit from it. And that's my point. Google is, step by step, optimizing the internet for themselves.
From all my experience in my daily IT work, I would say that it's an unstoppable thing. People don't care about this. They don't care about security, privacy and IT companies obtaining all the power. They simply don't care. From my point of view, because they really don't understand. They have no clue about how a computer works, what a company who writes the software can do, what privacy truly means and why it is so important and in what ways privacy can (and will) slowly be taken away. Without anybody noticing and to a point from where there is no return. Most people are simply ignorant.
I'm not saying they're not doing a good job. Their browser works well, is fast, is easy to use/install. I fully understand why many users choose Chrome. But that doesn't change the fact that they're growing more and more powerful. And no matter how good their software is, it's still a company that has personalized advertisements as their core business. To make an advertisement personal, they need to know personal information about you. What worries me is that in the near future, it might be hard to get around Google if you want to do something on the web.
This worries me a lot. Google is growing too powerful. They more or less defined the new HTTP/2 protocol. They own the search market. In other words, they determine what can and what cannot be found on the internet. Now, they're on their way to own the browser market. With that, it's easy for them to make changes in how the web works. That, and Google's reason for existence: information. Personal information. If they really want, nothing can be kept secret from them.
Why do you think it has notoriously bad PR? What do other webserver projects do that Hiawatha doesn't?
Yes, the author himself has said that many security features are/were experimental, but why do you think it has toy-like security kludges and over-the-top claims? I found many of its security features very useful.
Use any other OS if you want to post messages without capitals.
Speaking of ignorance...
Sure, but that's how mbed TLS (formerly PolarSSL, the TLS library used in Hiawatha) and Hiawatha helped me. mbed TLS dropped support for it long ago and Hiawatha uses sane and secure default settings. Without any tweaking, it gives you an A rating at ssllabs.com.
So glad that I'm using a webserver that does NOT use this abomination called OpenSSL and was written with security in mind. DROWN, Heartbleed, Slowloris, etc, never caused me any trouble.
Hee, advertisement companies. Still wondering why people hate advertisements so much? Because these days it's really being overdone!! Flashy, beeping and screaming shit at places where you don't want them. Advertisements in the lockscreen of my own fucking PC are not only crossing the line, it's first spitting and taking a big dump on it before crossing it. It might even be going back, jumping on your own shit to make it extra messy and crossing it again!