top | item 39355321

kalev | 2 years ago

Huge credits to the Caddy team, I’ve been using Caddy for all of my production projects over 4+ years and it’s absolutely rock solid. Never had an issue with it. Unfortunately, a 3rd party plugin here is causing fallout by other HNers dumping their negative remarks here. Still, a security plugin which seems to have holes in it is a bit awkward. I’m sure someone will pick up what’s needed to be done.

ThePhysicist|2 years ago

Yeah, occasional security issues are part of the game and nothing to be ashamed of; on the other hand, Caddy's headline is "makes your sites more secure, more reliable, and more scalable than any other solution". Maybe they should cut back on the hyperbole a bit.

Seems a bit like the situation with WordPress, the core is pretty solid security-wise but the third-party ecosystem isn't as well-tested or maintained.

allendoerfer|2 years ago

The WordPress core is definitely not rock solid. It is shipping abandoned versions of third-party plugins with it (like TinyMCE), has horrible coding standards and to this day does not use prepared statements.

It is focused on backwards compatibility and simply does not prioritize security very much. All claims about “okay security in the core” come from having even worse plugins, it making a good story and simply an enormous user base.

hhh|2 years ago

Why should they cut back on their offerings because of a third party plugin?