The Order of Precedence is looking for a few good programmers!
jducoeur
As a number of folks have noticed, the OP has been dormant for a long time. That's because we've been in the middle of a project to move from the old system (hundreds of hand-maintained files, which were kind of a labor of love for Caitlin but *wildly* hard to maintain) to a proper database. We're adapting the system from Atlantia, and it's mostly working.

But I could use some help at this point. The code needs some serious security reviews and bugfixes before it goes live, and the SQL could stand some tuning. More generally, I'd like to have a team of folks working on this in the long term, to maintain and gradually enhance it.

So: if you'd be willing to participate in this project, please drop me a line! (Or comment on this post.) I'm especially looking for folks who have significant experience in Security, SQL, PHP, or combinations of these.

Thanks!

I would be happy to help.

Excellent -- thanks much!

I can do design review (not code level) if that is any help.

Wouldn't be a bad idea, certainly. I mostly know what I'm doing, but this is more your specialty than mine. (But there exists no proper design for this -- it's a big soup of *many* PHP files -- so we may have to work in more of a "have you checked for this?" mode.)

Or use it as an opportunity to create design documentation - a roles matrix, for example. Because you don't know what is incorrect behavior if you aren't sure what correct is.

Could be, yes. At this point, I believe the code is simplistic in this regard -- all roles are either admins or not -- but it's likely that we'll want to gradually tease that apart.

The more immediate problem, though, is that I am *certain* that the code has SQL injection problems -- it took Gundormr all of about two minutes to find one when he began hosting it. So it's currently locked behind a server-level password, and we can't open it further until I have at least *some* confidence that we've addressed that and any other potentially severe risks...

Look at the book "How To Break Web Software" (just the table of contents) for a good list of things to worry about. :-)

(Can't help, no time, no time, omg)

I think I'm going to set up a mailing list (maybe a Google Group or something like that) for the project. If you're interested in participating, can you drop me a message with your preferred email address? I think we've mainly chatted via LJ messages recently, so I'm not sure I have one for you...

I would like to help. I have been using SQL for a while. I am guessing it is in MySQL?

Yep -- lots of MySQL queries, some of them impressively ornate.

Can you drop me a message (over LJ would be fine) with your email address? I think I'm going to set up a mailing list for the project. Thanks...

I've got some security and SQL experience, and I've been meaning to learn PHP. I also have plenty of spare cycles. Shoot.

Glad to have you on board! Don't think I have your email address handy, though -- can you send it to me in an LJ message or something?

I thought at least one address was in my profile (but I haven't checked the privacy rights on that lately).

at gmail works for me.

Ah, so it is -- I'm actually unused to people using that feature...
