On 7/17/08, Stut <stuttle@xxxxxxxxx> wrote:
>
> On 17 Jul 2008, at 14:10, tedd wrote:
>
>> At 10:28 PM +0100 7/16/08, Stut wrote:
>>
>>> Oh, and you'd be working for me so bear that in mind ;)
>>>
>>> -Stut
>>>
>>
>> It's no wonder why you haven't found anyone. :-)
>>
>
> Thanks for that tedd.
>
> Seriously though, I'm wondering if my expectations are too high... I expect
> them to know that addslashes is not adequate protection against SQL
> injection. I even had one tell me "SQL injection? I can't remember but I'm
> sure I've used it before". And I won't even go into the guy who asserted
> that he's always worked with DB administrators who've dealt with security
> issues so he'd never needed to learn about it.
>
> Am I expecting too much?!?
>
> -Stut

Surely you're being rhetorical, Stut, but no, you're not expecting too much. However the guy(s) who worked in a larger organization likely did have a very clear delineation of roles and responsibilities, as I am experiencing in a new position, and therefore may not be current on best practices in areas outside of their role. When my group leader instituted the current policy regarding job functions, a number of the open source guys decided their unused skills were eroding and/or they were not being exposed to new learning, and they left the company.

--David.