Geof's Relentless Kvetching About WordPress

Thoughts and Complaints About WordPress

An Agreeable Openness

Well, again we’ve got folks claiming to have found a remote SQL injection in WordPress, one that affects all versions. At least the discoverer, Alexander Concha, did the right thing: notifying the WP folks. He’s chosen not to disclose information about the hole, which means one of two things:

  1. It’s bogus.
  2. It’s heinous.

Because I’m weird and like to know about these things, maybe I should just ask Mark Jaquith about it, considering that he was great in discussing the WordPress “worm”. Matt’s probably still busy defending himself against straw men, anyway.

So, how about it, boys? Can you address the question? Or will it just be four weeks between notice and release without much comment otherwise? Yes, yes, yes, I imagine that I could look this up in Trac, but I’m an aerospace engineer, not a computer one; your PHP is as fuzzy to me as my Navier-Stokes equations likely are to you.


Lest you think that I am anti-Matt here, I’m not, because I think Duncan Riley was being an ass. Implicit in that comment is agreement with Mark Jaquith’s comments on the saga, especially:

Matt made a huge mistake by allowing [all the SEO-optimized crap on WordPress.org]. I was disappointed in him at the time, both personally and professionally. But he’s learned from that mistake. More than that, he’s led efforts to warn others about that kind of behavior. That’s what the whole “sponsored themes” thing was about. That’s what the Vanilla comment was about.

See, exactly. While I have butted heads with Matt, I always find him willing to listen. That’s why I’d buy him several, several beers if we ever ended up in Houston at the same time. [Note to self: next time you're headed to JSC for work, ring Matt up.]

Written by Geof F. Morris

Fri 24-Aug-2007 at 20:20

Posted in Security
