Difference between revisions of "Marmalade"
(Letterbox) |
Line 10: | Line 10: | ||
</source> | </source> | ||
− | + | 1st things 1st, Apache has a vutrenabilily with mod_rewrite that allows attackers to execute code on your web server, so make sure you've updated your apache before you get r00ted.The one thing thats annoying us security peeps about Web 2.0 is that the SAME security mistakes are being made. Its like no-one has learnt anything from us poking holes in Web 1.0 and are hellbent on making the same mistakes.Take this hiding of query strings that everyone is being made to do with Web 2.0. Great, your making it look prettier but i'll bet my camera kit that the developer isnt doing the correct input validation on the user-supplied input being passed back to the server.On a daily basis now im still training developers on why this is a bad thing and im still getting that blank look.One day | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Tutorial Pages == | == Tutorial Pages == | ||
[[Category:Project Management]][[Category:Convenience]] | [[Category:Project Management]][[Category:Convenience]] |
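Review bot: the line added after </source> in the "Line 10" hunk is off-topic for this page and should be reverted. It replaces the blank lines before "== Tutorial Pages ==" with one run-on paragraph about Apache mod_rewrite and Web 2.0 input validation, which has no connection to Marmalade or its package.el setup, is full of misspellings, and breaks off mid-sentence at "One day". Its claim that mod_rewrite "allows attackers to execute code" names no version, advisory or reference, so a reader cannot check or act on it; any security note kept on this page should concern the page's own subject and cite a source.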
Revision as of 00:56, 23 June 2012
Marmalade is a package.el repository, supported by the Emacs community. Its best-known feature is the ability to submit Emacs packages directly via Marmalade's web UI.
Basic setup
(require 'package)
(add-to-list 'package-archives
'("marmalade" . "http://marmalade-repo.org/packages/"))
(package-initialize)
1st things 1st, Apache has a vulnerability with mod_rewrite that allows attackers to execute code on your web server, so make sure you've updated your Apache before you get r00ted. The one thing that's annoying us security peeps about Web 2.0 is that the SAME security mistakes are being made. It's like no-one has learnt anything from us poking holes in Web 1.0 and are hellbent on making the same mistakes. Take this hiding of query strings that everyone is being made to do with Web 2.0. Great, you're making it look prettier but I'll bet my camera kit that the developer isn't doing the correct input validation on the user-supplied input being passed back to the server. On a daily basis now I'm still training developers on why this is a bad thing and I'm still getting that blank look. One day