Quote:
|
Originally Posted by skitzo
When you really look at the software design of OSC it's much different than what it appears to be.
- The development style is not structured as well as it could be (I'm being nice here): no real template engine, no db interface for proper portability, the list here doesn't end. The only way is by patching such subsystems. A lot of things like this could have been made to be modular. Now it's the Microsoft issue of having to retrace their steps to fix things.
- When a concept like "register_globals" had become a concern the developers made it difficult more than anything to have such a facility patched; even now it's causing headaches because PHP is attempting to drive globals out of programming. And if you want to run a secure PHP / Apache system, enabling phpsuexec and disabling globals is important. OSC didn't really think so.
- Customization is awful; it could be done millions upon millions times better going back to having a decent template engine.
- Exploits released in the past, a few of them were not minor, for instance enabling people to inject code that would be included in "require_once" statements. Maybe that's how the above site was hacked.
My advice is, if you're going to use it, back up what you do, don't store credit cards in the db and make it so you can regularly upgrade your OSC, which after you customise it usually is a time-consuming toe-stubbing exercise.
A good program should never rely on server security. Even though it should be an important concern, defective by design they call it.
BTW I have over 4 years of OSC experience, I could show you my portfolio if you're interested.
|
Can't beat server security; if the bad guys install a rootkit the whole thing is rooted ...
When you really look at the software design of the bloatware the major corporates are running their businesses on, all your points, incl. messy code requiring constant patching (Indian outsourcing has helped to mess it up big time - they are getting what they are paying for), poor portability etc. etc., do apply.
In short, having worked with several 'commercial' large systems, I am not at all averse to open source; partly those 'commercial' wares are there to give the bean counters a warm and fuzzy feeling that there is someone to blame when things go pear-shaped, which they do from time to time.
Always interested to see a good portfolio though, show us your good stuff.