David Kierznowski at BlogSecurity suggests that WordPress is “insecure by design.” He means that, in general, WordPress does not sanitize MySQL queries. He recommends that WordPress provide “a proper set of SQL safe functions (i.e. $wpdb->escape_int and $wpdb->escape_str)” and “use mysql_real_escape_string(), and have clearly defined coding standards and security policies” like Drupal does. [...]