[wp-hackers] Making WP more secure the evolutionary way

Mike Schinkel mikeschinkel at newclarity.net
Tue Jan 27 02:45:04 GMT 2009

"Jacob Santos" <wordpress at santosj.name> wrote:
> This is *exactly* what I don't want to see WordPress use. 

I concur. In my past I was always often trying to encapsulate things like SQL to "make things easier." These days I realize there is value to maintaining less abstraction especially when the thing that would otherwise be abstracted is well-known and standard such as SQL or HTML.  When I started programming in ASP in 1995 (after a 7+ years of prior dev experience) I tried to encapsulate HTML into an abstracted object. After much wasted effort I realized that, verbose though it may be, HTML was a great language on its own.

What usually happens when there is an abstraction developed is that it is rarely as well-architected as that which it abstracts and is by its very nature used and understood by many orders of magnitude less people and there are few it any tools that understand it.  Ultimately it dies on the vine as someone else writes a new "better" abstraction for the same thing. For example I really dislike the "$wpdb->posts" style of SQL in the WP core (though I do appreciate that it is a necessary evil) because I can't copy and paste it into my MySQL client for testing.

I'm not at all saying abstractions are always a bad thing just that they should be done sparingly, with great forethought and lots of community input.

-Mike Schinkel
P.S. If you advocates persist in moving in this direction, please do us a favor and at least write an query client that can understand it's syntax and allow a user to query MySQL interactively directly from your code. 

More information about the wp-hackers mailing list