On Tue, 30 Sep 2008, Karanbir Singh wrote: > Stephane Corlosquet wrote: >> > yes, and its things like this : >> > >> > http://drupal.org/node/313054 >> > >> > which are quite scary. >> > >> This is what happens when you don't use the Drupal API >> <http://api.drupal.org/>, which saves the developers from having to worry >> about common security issues like XSS, CSRF, SQL injection etc. In that >> way it's very quick to evaluate the quality of a module: you just need to >> check whether they make good use of the API or not... > > Surely this is the responsibility of the drupal devteam and not the userbase > to ensure stuff like this is not included. That specific module was at some > time distributed from the drupal.org website wasent it ? Does the absense of such bug-reports make a solution more secure ? -- -- dag wieers, dag at centos.org, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors]