by apgwoz
6627 days ago
Let me be perfectly clear. I have not investigated the code of Chyrp, primarily because I was turned off right away by a) the number of queries made, b) unsalted-hashed password in cookies (not that salted-hashed password in cookies is any better) and c) the fact that I dislike PHP. I should also mention that I'm NOT an advocate of WordPress either.

I didn't say that there's an is_admin thing, just that the password is stored in a cookie, seemingly for the purposes of authentication. Storing a hashed password like that is probably a bad idea, and perhaps even worse is storing the associated user id with it. Logging into the demo and looking at my cookies shows both of these things. This does nothing to prevent session hijacking, at all. In fact it doesn't even make an attempt.

In regards to queries, I should point out this screenshot taken a few minutes ago: http://apgwoz.com/images/chyrp-85.png in which you'll notice, 85 queries, a bit worse than the 55 I saw before. It was probably my mistake for linking to the homepage, which shows 18 queries, rather than an inner page with other content. I apologize for that lack in judgement.

As for wanting the software to improve, you're right--I don't care. It's not solving a problem that hasn't been solved many times before, and aside from looking pretty I don't really see the need for a new blog platform.

Just my 2 cents. Good luck in your efforts to release a version 2.0.

EDIT: I wanted to commend you on your sense of style. I really like the Chyrp homepage's design.

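The contrast raised in the comment above, as an added example (not Chyrp's code, and not part of the original thread): a cookie carrying a user id plus an unsalted password hash is identical on every login and stays valid until the password changes, while a random server-side session token can expire and be revoked. SHA-256, the function and class names, and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed account table: user id -> unsalted password hash (SHA-256 is an assumption).
USERS = {1: hashlib.sha256(b"correct horse").hexdigest()}

def legacy_cookie(user_id, password):
    """Cookie shape described in the comment: user id plus unsalted password hash."""
    return {"user_id": user_id, "pw_hash": hashlib.sha256(password.encode()).hexdigest()}

def legacy_check(cookie):
    stored = USERS.get(cookie.get("user_id"))
    return stored is not None and hmac.compare_digest(stored, cookie.get("pw_hash", ""))

class SessionStore:
    """Server-side sessions: the cookie holds only a random token, never password material."""
    def __init__(self, ttl=1800):
        self.ttl = ttl
        self._sessions = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user_id, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None or entry[1] <= now:
            self._sessions.pop(self._key(token), None)  # drop expired entries
            return None
        return entry[0]

    def revoke(self, token):
        self._sessions.pop(self._key(token), None)  # logout invalidates the cookie

if __name__ == "__main__":
    cookie = legacy_cookie(1, "correct horse")
    print("password-hash cookie valid after logout:", legacy_check(cookie))
    store = SessionStore(); token = store.create(1)
    store.revoke(token)
    print("session token valid after logout:", store.lookup(token))
```

The session cookie should additionally be set with the `Secure` and `HttpOnly` attributes and reissued at login, which this sketch leaves to the web framework.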
Thanks for the design compliment. :) I might be changing it soon though, since white-on-black doesn't really work well for other sections of the site, like the documentation and forums.