Comments on: Plugins…..

By: WordPress Plugin Security: Dangerous Combinations | Technosailor.com

WordPress Plugin Security: Dangerous Combinations | Technosailor.com — Sat, 29 Nov 2008 20:14:52 +0000

[...] What is a dangerous combination? [...]

By: WordPress Plugin Security: What is Dangerous? | Technosailor.com

WordPress Plugin Security: What is Dangerous? | Technosailor.com — Sat, 29 Nov 2008 20:02:45 +0000

[...] WordPress support maven, Podz, asks on his blog, “What is Dangerous?” [...]

By: WordPress Plugin Security: Less is More » Technology, Blogging and New Media

Mon, 23 Apr 2007 04:04:59 +0000

[...] diverge off the mapped out route and organically grow this series a little more. Hopefully it suits Mark and WordPress users everywhere. To reiterate, this series is designed for the non-developer, the [...]

By: WordPress Plugin Security: Less is More » Technology, Blogging and New Media

Thu, 12 Oct 2006 17:57:16 +0000

[...] As I continue in my ongoing series on plugin security for WordPress, I’m going to diverge off the mapped out route and organically grow this series a little more. Hopefully it suits Mark and WordPress users everywhere. To reiterate, this series is designed for the non-developer, the “average guy” so to speak. Security is a mystifying area but it requires a good bit of demystifying. [...]

By: WordPress Plugin Security: Dangerous Combinations » Technology, Blogging and New Media

Wed, 11 Oct 2006 03:17:42 +0000

[...] What is a dangerous combination? [...]

By: WordPress Plugin Security: What is Dangerous? » Technology, Blogging and New Media

Thu, 28 Sep 2006 16:06:31 +0000

[...] WordPress support maven, Mark, asks on his blog, “What is Dangerous?” [...]

By: Mark

Mark — Mon, 25 Sep 2006 08:54:26 +0000

aJ - I have no problem with the core code. Never have. I have no particular problem with plugins either. I made the above post in response to a quote on Technosailor’s blog and it was directed very carefully at “those that code”. Notice how so far only Technosailor has taken up the challenge….

Skippy has one point, Matt has another and I think all hosts should allow cron jobs. Any plugin that requires regular user action will fail that user at some point - people just do not take enough backups. That’s not a plugin fault, it’s inertia and yes it applies to the new xml feature too.

Like I said though I do not have a problem with code code - there are too many people picking holes. You want to have a pop about this? Go poke the guy who called it a ’security nightmare’ - I have dozens on people who call on me for services and skippy’s plugin has never been an issue.

As for the change? Like Matt says it will happen again with something and the forums will still recommend it.

By: aJ

aJ — Mon, 25 Sep 2006 08:33:38 +0000

Followup to the above trac ticket. I think Skippy makes a very fair point.

Ps. I am in no way associated with Skippy except a very pleased and thankful user of his excellent plugin.

By: aJ

aJ — Mon, 25 Sep 2006 08:31:50 +0000

This is a perfect example of what your post asks people not do. Your post is excellent and the questions are very relevant for people not involved in the development effort.

And the above comment, coming from Matt is even worse since he is the administrator/creator/ or WP and he should be more responsible especially after making WP a community effort.. Such attitude sucks and will turn off potential plugin writers :(

By: Understanding Implications of WordPress Plugin Security » Technology, Blogging and New Media

Sat, 23 Sep 2006 17:18:18 +0000

[...] Yesterday, I posted details about a cross-site scripting (XSS) exploit in a popular WordPress plugin which prompted Mark, support maven for WordPress to challenge the WordPress development community to contribute back to the community by detailing what makes plugins unsafe. [...]