Board Bitcoin Discussion
Re: What mtgox number are you? (from DB leak)
by
BombaUcigasa
on 19/06/2011, 21:54:11 UTC
Well ... I know companies that don't give sequential numbers starting at 1 just to hide real numbers.
You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers
I'm saying (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?