SoftwareSecurity2012/Group 6/Wanted Documentation

Uit Werkplaats
< SoftwareSecurity2012‎ | Group 6
Versie door S4159721 (overleg | bijdragen) op 19 jun 2012 om 13:45 (Feedback on FluxBB documentation)
(wijz) ← Oudere versie | Huidige versie (wijz) | Nieuwere versie → (wijz)
Ga naar: navigatie, zoeken

Feedback on FluxBB documentation

In general, we found that the documentation was well-written and helpful. We especially made use of the pages about the database layer, the constants, and the variables, as they saved a lot of time in trying to figure out what variable was used where, and for what purpose.

The code was well commented and structured, and easy to read. Especially for examining the database layer, the categorization of the different types of databases, and their corresponding escape(), query() etc functions was very helpful. We saved a lot of time at that point in the project, since checking a few functions in predictable places allowed us to conclude that, for instance, a specific type of query was safe.

One problem we had was figuring out what type of variables went into the configuration file, config.php. This wasn't very well documented and had no examples of its contents. This file was also only created upon successful installation, so it meant that we had to do a local install to quash any doubts that stemmed from the security of the contents of this file. The contents of config.php were frequently called from other files, especially the $db_prefix variable, and we wanted to make sure that this variable in particular was safe. We would have liked to see some comments on what type of variables could be included in this file, as well as explanations.