Re: Good Answers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



As usual, Richard shows the quality of his mettle! :-)

I absolutely agree, some ideas:

1. have the mailing list automatically add a single line to the
mailing list sig that promotes security/good-practice and points to phpsec.org?
(I guess only someone like Rasmus could say whether this was even an
acceptable proposition)

2. promote 'hacking ethos' in general - which starts with RTFM but goes
further in that 'newbies' should be encouraged to broaden their understanding
of a problem area beyond 'getting it to work'

3. dish out more praise to those 'newbies' that do go the extra mile to
enrich their own skills beyond what is strictly necessary to get their
job done. encourage research and problem solving.

4. conversely I do believe we can [keep] making it clear that certain
attitudes don't cut it - I'm referring to the 'please do my job for me
crowd' - (in the end you can't save the all ;-) - maybe we can 'nominate'
certain experienced people to reply to messages which are blatantly bad
questions (and/or show blatant signs of not being interested in the 'why's)
encouraging people not to answer until the OP until he/she shows signs
of wanting to expand their own understanding and researching their own
problems. for instance the only reason I hardly ever have reason to
ask a question on the list is because the information/answers I'm looking
for have 99% of the time already been documented in articles/tutorials/etc
on web - (i.e. I'm always saying 'how the **** does that work' and almost
always someone 'out there' has already written something that explains it!
it's a matter of finding it and taking the time to read/re-read)

[quite probably point 4 does not come accross the way I meant - in which
please ignore :-)]

in short I stand by you notion and will try to do my part.

[the kind is dead, long live php]

Richard Lynch wrote:
Hey y'all...

In the spirit of improving the mailing list, I'd like to suggest that
we, as a group, attempt to not provide answers with Bad Practices, or
at least always to point out that the Sample is Bad Practice for
production sites?

For example, an answer to a question about <?php echo $foo?> where it
is clear that register_globals is "off" should either specifically
sanitize the data, or make reference to the need to sanitize the data,
or link to http://phpsec.org or something along those lines.

Otherwise, we merely perpetuate the problems of Bad Code with our
answers to newbies, who then run off and write insecure sites and
cause us more grief down the road.

Hmmm.  Maybe this should be part of a Netiquette document "How to give
good answers" right next to that "How to ask good questions" document
:-^


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux