Comments on: WordPress and some questions about Blogland Security http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/ a "b" blog Fri, 19 Mar 2010 17:25:38 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Bill Fitzgerald http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20420 Bill Fitzgerald Wed, 08 Aug 2007 22:23:18 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20420 Hello, Jim, WP and security have a long and stormy relationship -- it would make for a great B movie -- I can just imagine the following line of dialogue: "His script came from without, and entered my private place." From Oct, 04 -- http://developers.slashdot.org/article.pl?sid=04/10/01/2050216 Fast forward ahead 2.5 years: http://it.slashdot.org/it/07/03/03/0427211.shtml And from May, 07: http://it.slashdot.org/article.pl?sid=07/05/24/167223 All kidding aside, ouch. I don't know if the WP community has any equivalent of this (http://drupal.org/writing-secure-code) in their developer docs, but it would be good to see some standards like this integrated into their code review process, both for core and contrib code. Cheers, Bill Hello, Jim,

WP and security have a long and stormy relationship — it would make for a great B movie —

I can just imagine the following line of dialogue: “His script came from without, and entered my private place.”

From Oct, 04 — http://developers.slashdot.org/article.pl?sid=04/10/01/2050216

Fast forward ahead 2.5 years:
http://it.slashdot.org/it/07/03/03/0427211.shtml

And from May, 07:
http://it.slashdot.org/article.pl?sid=07/05/24/167223

All kidding aside, ouch.

I don’t know if the WP community has any equivalent of this (http://drupal.org/writing-secure-code) in their developer docs, but it would be good to see some standards like this integrated into their code review process, both for core and contrib code.

Cheers,

Bill

]]> By: D'Arcy Norman http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20194 D'Arcy Norman Wed, 08 Aug 2007 05:04:37 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20194 Drupal also has the advantage of having a meaner, leaner codebase. WordPress has many more lines of code, meaning there may be more opportunities for bugs and/or security holes. http://buytaert.net/cms-code-base-comparison Drupal core has less than half the code of WordPress... Drupal also has the advantage of having a meaner, leaner codebase. WordPress has many more lines of code, meaning there may be more opportunities for bugs and/or security holes.

http://buytaert.net/cms-code-base-comparison

Drupal core has less than half the code of WordPress…

]]> By: jimgroom http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20186 jimgroom Wed, 08 Aug 2007 02:54:46 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20186 You're a sick puppy, Norman -and I love it! You’re a sick puppy, Norman -and I love it!
]]> By: D'Arcy Norman http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20182 D'Arcy Norman Wed, 08 Aug 2007 02:43:29 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20182 I'll be the Vietnamese villager, and you can be the water buffalo. Apocalypse Now, Redux. It's probably not completely insecure - I mean, every blog on the planet (save maybe a handful) runs that way... I’ll be the Vietnamese villager, and you can be the water buffalo. Apocalypse Now, Redux.

It’s probably not completely insecure – I mean, every blog on the planet (save maybe a handful) runs that way…

]]> By: jimgroom http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20180 jimgroom Wed, 08 Aug 2007 02:16:05 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20180 Thanks for putting me at ease D'Arcy. Next time bring a machete and finish the job why don't you... Thanks for putting me at ease D’Arcy. Next time bring a machete and finish the job why don’t you…
]]> By: D'Arcy Norman http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/comment-page-1/#comment-20178 D'Arcy Norman Wed, 08 Aug 2007 02:03:18 +0000 http://bavatuesdays.com/wordpress-and-some-questions-about-blogland-security/#comment-20178 Even with a fully patched web app, we're all running the admin side without SSL and HTTPS, so anyone with a packet sniffer could grab usernames, passwords, and/or cookies and have their way with the blogs anyway... Even with a fully patched web app, we’re all running the admin side without SSL and HTTPS, so anyone with a packet sniffer could grab usernames, passwords, and/or cookies and have their way with the blogs anyway…
]]>