>and if the code is full of shortcuts and not properly commented, how many of these will result in an exploitable security risk.
I took what your guy said with a grain of salt, only because he called the lack of a check for a successful open of the config file "horribly broken." Have you run assp without a config file? Try it... It is a lot easier to destroy than create, and a lot easier to criticize code than to submit patches. "Exploitable risk" in ASSP is a controllable thing, without knowing a stitch of Perl. How do you run it? As root, or administrator in Windows? Whoops - don't blame the code. You, as the system administrator, must determine what the risks are and react appropriately. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
