January 26th, 2006

Linux, MySQL, LAMP, PHP, Apache

"Well, condoms don't _always_ work, so let's just not use anything!"

A recent post in lj_dev talked about the recent security vulnerability and linked to a bug patch in Mozilla/Firefox that would help ... mitigate this problem. I like Brad's recent comment about it:

While we could discuss forever that HttpOnly isn't a complete solution for all attack instances, that's not what matters. It's like saying, "Well, condoms don't _always_ work, so let's just not use anything!" HttpOnly does work most of the time, especially for stopping what our HTML/CSS spermicide doesn't.

Heh... I think he made his point very valid by using an analogy like that. Too many people try to get away with not doing anything simply because it doesn't do everything (I could probably be included with that at least sometimes).

Reference: Mozilla/Firefox Comment #49, Bug #178993