Re: PHP snippets (once again)

On May 7, 2006, at 9:51 AM, Kieran Lal wrote:

> How about a write page called common security flaws in snippets.    
> In the Drupal community we spend more time explaining coding style  
> then we do teaching new users how to avoid security flaws in  
> contributed modules or in snippets.  Security awareness has to  
> become part of the culture and that means explaining security  
> vulnerabilities in public and educating the community.

+++1

As someone always learning about Drupal code practices, I think this  
is a great idea.

To add to this, it would be *fabulous* (if someone had the time) to  
transparently correct some of the snippets. I'm a big believer in  
case study learning. There's only so much you learn from the abstract  
theory and rules. Breaking down the process for particular cases can  
add much value to this -- and, I might add, lead to more competent  
coding from more people.

(Written as someone wondering how many of her contributed snippets  
might have security flaws.)

Laura

--
Pending work: http://drupal.org/project/issues/documentation/
List archives: http://lists.drupal.org/pipermail/documentation/