Usable Security

Archive for May, 2005

Netscape 8: More Security Choices

Sunday, May 29th, 2005

The front page at proudly announces:
The All New Netscape Browser 8.0
Speed, Flexibility and More Security Choices Than Any Other Browser
Speed: Good.
Flexibility: Good.
More Security Choices Than Any Other Browser: What ninny decided this was a positive feature?

Microsoft’s Folly

Thursday, May 26th, 2005

Adam Shostack mentioned the previous post (Hi, Adam!) and noted that Microsoft is “aggressively promoting” the myth that software is unconstrainable.  The first of their so-called Ten Immutable Laws of Security says
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
Totally false.

Zaptastic Author Misses the Point

Thursday, May 19th, 2005

It’s nice how The Internets have a way of offering me real-life examples, like a cat leaving a dead bird on the doormat, only moments after i’ve been talking about something.  Thank you, Internets.
Recently, to demonstrate a security problem in the new Dashboard feature in Mac OS 10.4, Stephan Meyers created a “slightly evil” [...]

Security Carnival

Monday, May 16th, 2005

“The Armed Butler” is featured in the first Security Carnival, by Kyle Maxwell.  Check it out for links to other interesting articles related to security.

The Armed Butler

Thursday, May 12th, 2005

Read a typical news article about computer security and you will see words like “attack” and “defend.” People speak of software being “strengthened” or “hardened” as though it were some kind of physical substance.  That might cause one to envision cannonballs smashing into the high walls of a fortress, where the only hope [...]

Dangerous Analogies

Wednesday, May 11th, 2005

Argument by analogy is common in discussions of computer security.  It’s often a useful way to reason about things, but sometimes an analogy can mislead you.  I think a large class of misunderstandings about computer security are due to recurring problems in drawing analogies between what goes on in a computer and what [...]