[wp-hackers] WordPress 2 and Client Side Scripting

Roy Schestowitz r at schestowitz.com
Mon Nov 28 12:11:00 GMT 2005

_____/ On Sun 27 Nov 2005 18:57:02 GMT, [Amit Gupta] wrote : \_____

> Theodor Ramisch <theodor_ramisch at hotmail.com> wrote:
> |  Unfortunately I had to see that you are using custom
> |  classes to do such "common" effects. That makes
> |  plugin development harder if you have to deal
> |  with them on plugin options pages for example.
> |
> |  Why not rely on well known, stable libraries
> |  like script.aculo.us and prototype? There are
> |  a lot of developers who already worked with
> |  them and adapted to functions like "$" which
> |  replaces the document.getElementById.
> I'd say that learning to use the libraries that WordPress is using
> won't be that hard. I mean you learnt to use the plugin API as
> well, no? It's not similar to other blogging systems if I'm not
> wrong, so why the fuss over the client-side API? It's not mandatory
> after all, you can take it as an expansion to the plugin API if you
> want & learn it if you want to make use of it in your blog, else you
> can just leave it.
> Aaron Brazell <aaron at technosailor.com> wrote:
> |  While I don't know the answer to this, I might point out that WordPress
> |  opted NOT to use the "common" XML-RPC libraries and by doing so,
> |  avoided having thousands of blogs vulnerable to an exploit a few
> |  weeks ago.  Mob tendencies, while often nice for developers, aren't
> |  always a good thing.
> yeah well, you can say that!! :) every coin has two sides. ;) using a
> commonly used library has its pros as well as cons!! it's just a matter
> of weighing the pros & cons to determine the correct library!! :)

Exactly. Let's not forget that less commonly-used libraries, e.g. homebred
implementations, even with flawed security, are less unlikely to have their
vulnerabilities exploited.

There are exceptions nonetheless. There used to be many 'in-the-wild' viruses
for RISCOS despite it being a scarce minority. The platform suffered despite
claims such as the ROM-based O/S making it immune to trojans. Then again, we see
cases where Sony's rootkit is maliciously 're-used' by malice. Obscurity is
valuable in the context of security.


Roy S. Schestowitz
