No, it's not acceptable to implement security after the project is done, for multiple reasons. First, as has already been mentioned, whoever is footing this bill is unlikely to continue paying to implement the security features when they already have the product they want. The second reason is that it will take them much longer to go through and try to find all the security vulnerabilities than it would to code it correctly the first time and implement any security measures as you're writing that code. Doing it this way would also be easier because you can write security libraries which will do things like escape data for you, so that it becomes fluid to write the code by doing a simple call to the escape function/method. The third reason is that there is absolutely no way they will be able to find all of the vulnerabilities by looking back through the code. It's hard enough (see: near impossible) to write the code without security bugs, let alone to go back through it and find all of those security vulnerabilities.

As for a suggested framework, I really don't have one, as I never used frameworks either, only the libraries I've written in the past. This however comes down to just finding good developers and not ones who say they can get it done for a super low price. The PHP developer pool is filled with these half-assed developers, and I'd say a fair number of them prefer pre-made frameworks. The trick is to just find some good ones from the start. The only option you really have for securing an application written poorly like this is to get a WAF (web application firewall) and have it filter any malicious content being sent to the server. This isn't a silver bullet though for poorly written code. I wouldn't even call it a band-aid, more of a Hail Mary.

One final thing is that I very much disagree that they are understaffed with 3 people writing this. I wrote something similar 4 years ago by myself (well, ok, there was an HTML guy) in under 3 months. Two of those 3 months were spent completely rewriting sections because the client would change his mind once it was complete, plus writing in side features that turned it into more of a social network than a classifieds site. If I could do most of that myself in that amount of time, they should easily be able to get it done (and secure) in a month and a half with 3 people.
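The answer above argues that a small in-house escape library makes the secure path the easy path: every place a value reaches HTML, JavaScript, a URL or SQL becomes one helper call instead of an ad-hoc string concatenation. The following PHP is an added illustration of that idea, not code from the answer's author or from any framework. The class and function names (`Esc`, `findAds`), the `ads` table and the sample input are all constructed for the example; it assumes PHP 8 with the `pdo_sqlite` extension so the query path runs against an in-memory database.

```php
<?php
// Added example: a minimal "escape library" of the kind the answer describes,
// so that safe output and safe queries are each a single function call.
// All names here are hypothetical, not from the original post.

declare(strict_types=1);

final class Esc
{
    // HTML body and quoted-attribute context: neutralises <, >, &, ", '.
    public static function html(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }

    // Value embedded as a JavaScript string literal inside an inline <script>.
    public static function js(string $s): string
    {
        // JSON_HEX_* flags encode <, >, &, ', " so that "</script>" or a quote
        // in the data cannot terminate the literal or the script element.
        return json_encode(
            $s,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
        );
    }

    // Value used as a single URL query-string parameter.
    public static function url(string $s): string
    {
        return rawurlencode($s);
    }
}

// Database access: parameters are bound by PDO, never concatenated into SQL.
function findAds(PDO $db, string $keyword): array
{
    // ESCAPE '\' makes the backslash the LIKE escape character (SQLite has no
    // default), so addcslashes() can neutralise the % and _ wildcards.
    $stmt = $db->prepare("SELECT id, title FROM ads WHERE title LIKE :kw ESCAPE '\\'");
    $pattern = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt->execute([':kw' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input standing in for a hostile query-string value.
$input = '<script>alert(1)</script>" onmouseover="x';

// Typical template code: every interpolation goes through one helper call,
// chosen by the context the value lands in.
echo '<p>Results for ', Esc::html($input), "</p>\n";
echo '<a href="/search?q=', Esc::url($input), '">search again</a>', "\n";
echo '<script>var q = ', Esc::js($input), ";</script>\n";

// Constructed in-memory SQLite database so the query path runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO ads (title) VALUES ('Used bike, 100% working'), ('Flat for rent')");

// "100%" is treated as literal text, not as a wildcard, and matches one row.
foreach (findAds($db, '100%') as $row) {
    echo Esc::html($row['title']), "\n";
}
```

The design point is that each helper is named for its output context rather than for the attack it stops; a reviewer reading a template can then check at a glance that an HTML value went through `Esc::html` and a script value through `Esc::js`, which is the kind of check that is cheap while the code is being written and expensive to retrofit across a finished code base.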