#16, 25-01-2008, 23:36
mephisto
Quote:
Originally Posted by flesco
But then you could argue that if a bug is found in an open source base, then it would be pretty easy for a hacker to exploit it; with closed source bases, it would be harder for the bug to be found and for a hacker to then exploit it.
Yes, that's also true; it's the other side of the coin. However, it depends how the bug is found: with open source it's not just hackers who would be looking for them, it's also open for people to find them and highlight them as bugs, which would mean it would get fixed quicker.

With closed source, how can the general public find these security holes? They'd have to hack, and the people who know how to hack are hackers; I don't think they'd want to report that they've found a successful way to hack, so it wouldn't get fixed as quickly.

The majority of the time it's down to the coder, not the language.

For example, how many of you have developed using inline queries? If you have a login box which does the following query:

ASP
Code:
Dim sql
sql = "SELECT * FROM user WHERE username = '" & Request.Form("username") & "' AND password = '" & Request.Form("password") & "'"
PHP
PHP Code:
$sql = "SELECT * FROM user WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";
Both of these are as insecure as each other. If someone knew a username, e.g. mephisto, then all they need to pass the above login is to type the username as mephisto' -- and the password could be anything.

Which would make the SQL query:
Code:
SELECT * FROM user WHERE username = 'mephisto' --' AND password = ''
Everything after the -- is a comment, so this is effectively:

Code:
SELECT * FROM user WHERE username = 'mephisto'
and there you have a successful login, regardless of the programming language; it's just down to the code.

The best way around this is to use prepared statements, or at least escape your values.

For those who are wondering, I just tried this with eUKHosts forums and it doesn't bypass the login.
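The comparison the post makes (inline concatenation versus a prepared statement), as an added example that is not part of the original post. It uses Python's standard sqlite3 module with a constructed in-memory user table in place of the ASP/PHP login code, and keeps the post's plain-text password comparison only so the two query styles can be compared on identical input; the function names and the sample row are assumptions for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the forum's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, password TEXT)")
    # Constructed sample row; a real application would store a password hash.
    conn.execute("INSERT INTO user VALUES ('mephisto', 'correct-password')")
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """The pattern from the post: form values pasted straight into the SQL text.

    Anything the user types becomes part of the statement, so a quote and a
    comment marker in the username change the query's structure.
    """
    sql = ("SELECT * FROM user WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_prepared(conn, username, password):
    """Prepared statement: the SQL is fixed and the values are bound separately.

    The database never parses the bound values as SQL, so a quote or a '--'
    inside them is just part of the string being compared.
    """
    sql = "SELECT * FROM user WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Run the same credentials through both styles.

    Returns (concatenated_result, prepared_result) so the difference is visible.
    """
    conn = make_db()
    try:
        return (login_concatenated(conn, username, password),
                login_prepared(conn, username, password))
    finally:
        conn.close()


if __name__ == "__main__":
    # Valid credentials pass in both styles.
    print("valid credentials:", compare("mephisto", "correct-password"))
    # The post's input: username "mephisto' --" with any password.
    # Concatenation turns the WHERE clause into username = 'mephisto' followed
    # by a comment, so the password check disappears; the prepared statement
    # looks for a user literally named "mephisto' --" and finds none.
    print("username with comment marker:", compare("mephisto' --", "anything"))
```

The second line of output shows the whole point of the post: the concatenated query reports a login while the prepared statement does not, for identical input. Escaping the values would also stop this particular input, but parameter binding removes the problem for every input rather than for the characters you remembered to escape.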