[CentOS-devel] forums + portal for {lang}.centos.org sites
Dag Wieers
dag at centos.org
Tue Sep 30 19:05:09 UTC 2008
On Tue, 30 Sep 2008, Karanbir Singh wrote:
> Stephane Corlosquet wrote:
>> > yes, and its things like this :
>> >
>> > http://drupal.org/node/313054
>> >
>> > which are quite scary.
>> >
>> This is what happens when you don't use the Drupal API
>> <http://api.drupal.org/>, which saves the developers from having to worry
>> about common security issues like XSS, CSRF, SQL injection etc. In that
>> way it's very quick to evaluate the quality of a module: you just need to
>> check whether they make good use of the API or not...
>
> Surely this is the responsibility of the drupal devteam and not the userbase
> to ensure stuff like this is not included. That specific module was at some
> time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
--
-- dag wieers, dag at centos.org, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]
More information about the CentOS-devel
mailing list