Discuss mailing list

[Brian Koontz <brian AT pongonova.net>]

On Sun, Dec 12, 2010 at 02:15:02AM -0600, Caleb Langeslag wrote:
> Been curiously looking through the Galium source code tonight and
> noticed some bugs and vulnerabilities within Galium (which NovaKing
> also found a couple hours earlier before I had). Regardless; there's
> SQL injection vulnerabilities throughout Galium, and lack of
> consistent development styles and structure. Therefore; it would
> probably be most sane to just do a complete rewrite of it (which
> wouldn't take all that long to do either) that would be more versatile
> and offer more functionality.
> 
> Thus I'm curious: What you like to see in a rewrite of Galium (if
> we'll still call it such; I'm not the original developer or anything)?

I've been thinking the same thing.  In fact, my galium site
(http://register.gopher) is a "hardened" version of galium, with all
inputs sanitized.  I'm not a big fan of MVC arch, especially on
smaller projects where files just get scattered to the winds.
Projects like this tend to benefit more from a more monolithic arch.

At any rate, I was planning to check in my fork as Germanium (the next
element in the periodic table).  Tim (the author) didn't seem too keen
about accepting bug reports and patches the last time I spoke with
him.  

Also, Julian has written a number of enhancements for galium.  

Finally, galium (or a fork) would benefit from a comprehensive admin
panel.  When I asked Tim about it, he told me to use phpMyAdmin.  So I
think that about sums up the author's attitude re future development
of galium!

  --Brian