Erwin Moller
How about PHP? I think it's the same problem with PHP.
Phillip said: 2) If the security of your application hinges on somebody not getting
the source code, your application wasn't written properly.
See also: http://en.wikipedia.org/wiki/Security_through_obscurity
or a C compiler for that matter
There's security, and then there's security theater.
A production server should only run what's needed, anyway. That is the
main reason not to have dev tools running on them (though, have fun
trying to remove all text editors on a *NIX machine, and the Shell which
probably is Turing complete): Reducing the exposed surface area.
(which makes it more likely that I maintain them in a way
that blocks attacks) than adding such a minor hurdle for attackers.
If I'm able to read source code in a, hopefully, protected directory,
I'm not going to bother with code injection.
I'd be doing something like
$ passwd
Type the new password for root:
Also: How has introduced an issue that wasn't there already with, say,
Perl, Tcl, or PHP (go through a list of PHP functions that you should
close *at least* one of those days. Fun)?
Or with a hexeditor. Heck, download one from someplace, if you are able
to see the sources of a Ruby app.
In short: Ruby makes the defense as shallow as Perl or Python.
Clifford said: Completely disagree there. As soon as I see that mongrel's running,
I have a plan of attack.