Data calmer - about security

21.10.2007 Just to protect myself from false claims, which - almost - seem to have became a norm and one of the basic strategies for competing in the Information technology -field, I'm announcing, that security issues are taken seriously here. When ever user makes an action - by pressing a link or by making a search, nothing will be sent to server without parameters being checked first. Also, software on the server part, will not accept anything without checking that all the parameters are in suitable format. Common attack-technique called MySQL-injection wouldn't work. Also, none of the separate widgets, components or desktop applications will not create a security issue to you or your computer.

See a draft about typical processing of AJAX-request of most of online tools of Data calmers (in finnish only).



CERT-FI (Finnish national Computer Emergency Response Team) reported on 13th of October 2007, that passwords of users from many finnish discussion forums have been stolen and released to public (to internet). They also report that software motoring targeted forums were based on PHP, which had outdated and old versions installed, or components from 3rd parties containing security flaws. As general public might not be educated enough - in this matter - they might understand the issue like: "PHP bad, not yet certificated 3rd party components BAD". Take those word in slight humorous sense, not too literally. PHP isn't any worse than some other programming language - in security sense - it's just the newcomers, who yet aren't learned to take care of all the basic issues. No, wait.. that's not fully true. Even well-educated Microsoft employees aren't able to fix the security flaws in their products. Not even after - like - 8 months, since they were found.