i would have thought (perhaps wrongly) that someone would have created a series of functions/routines and wrapped them in a package/lib to deal with the security issues that i've raised!!

but i have to tell you. i've looked at some open source classes/apps that aren't that strong. in fact, some simply have no real checks on the data types/structure of the data being inserted into the db at all...

and aaron, your app is a commercial app. for now, we're looking in the open source area where we can get to the underlying source.

-bruce

-----Original Message-----
From: Aaron Greenspan [mailto:aarong@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 21, 2005 7:18 AM
To: php-general@xxxxxxxxxxxxx
Subject: Re: security/sql issues with php

Bruce,

If you're looking for commercial-grade open-source packages, I think you're going to have a pretty hard time finding much. Most commercial-grade software is...commercial. The truly robust open-source packages, i.e. Mozilla, MySQL, JBoss, BerkeleyDB, etc., are backed by some sort of commercial, or at the very least, corporate, entity. The rest, more often than not, are not commercial-grade; the support structures that companies require just don't exist for those packages.

I've offered to help you before via our commercial framework, Lampshade, which handles I'd say 98% of everything you want, and can be easily customized or added to in order to handle the remaining 2%. It's not open-source, but it also doesn't need to be since the documentation is so extensive. It's used in applications for all sorts of organizations from Harvard University to companies traded on the NYSE.

There may be other open frameworks that are used just as widely--I would venture to guess phpNuke and the-CMS-formerly-known-as-Mambo--but as you've discovered, they don't do half of the things you'd like to see all in one place. Also, Mambo's political machinations are a good example of what you don't want to see in a commercial-grade product.

If you want to keep searching, I suppose no one's going to stop you. I'm just afraid it's not out there. Anyone, correct me if I'm wrong.

Best of luck,

Aaron

Aaron Greenspan
President & CEO
Think Computer Corporation

http://www.thinkcomputer.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php