Stephane Corlosquet wrote: >> yes, and its things like this : >> >> http://drupal.org/node/313054 >> >> which are quite scary. >> > This is what happens when you don't use the Drupal API > <http://api.drupal.org/>, which saves the developers from having to > worry about common security issues like XSS, CSRF, SQL injection etc. In > that way it's very quick to evaluate the quality of a module: you just > need to check whether they make good use of the API or not... Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ? I dont really want to sit here and audit every bit of code that is going to come along with drupal. I'd much rather just plonk something together in pylons, in perhaps a day or so that would give me a better match for requirements. -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos at irc.freenode.net