WordPress security by Stefan Esser

Interview with Stefan Esser on WordPress security. A very interesting read, and Stefan makes some very valid points about how security issues are being addressed.

I would like to highlight two of the key points made in the interview:

If I recall correctly, the phpBB guys at one point used their collected money and paid a security company to audit the software. I strongly suggest that the WordPress guys do the same. I am quite sure that there are still several vulnerabilities in WordPress. The free audits that they get from people releasing advisories will never cover the whole code base.

One would think that, given the success of wordpress.com, commissioning an external review like this should be within reach for the WordPress codebase as well. Of course, this would not extend to third-party plugins and themes, but having someone not associated with the product review the core code for security issues would be a very good idea (tm).

I am very glad that Gallery 2 hires third-party security experts to do code reviews for each of the major releases. It really does make me sleep a little bit better at night, and the Gallery 2 security track record has been very good due to this and its great developers.

I would actually do two things: 1. Switch off the SQL error messages, because they give far too much information to potential attackers. 2. Ensure that the default SQL table prefix is not chosen during installation.

This also makes a lot of sense. Not showing error messages to arbitrary visitors should be a priority. Error messages often reveal more than any user needs to see, and exposed error output is frequently what lets an attacker work out how to break into the system. Randomizing the SQL table prefix would indeed make it a bit harder to inject data, but it would not stop anyone from inserting data into the database once they have access to the installation. After all, the prefix has to be stored somewhere, in a form the application itself can read.
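As an added illustration of both recommendations (my own example, not code from the interview or from the WordPress project), here is a wp-config.php fragment contrasting the weak defaults with hardened settings, followed by a small query wrapper that logs full database errors server-side and returns only a generic message to the browser. `$table_prefix`, `WP_DEBUG`, `WP_DEBUG_DISPLAY` and `WP_DEBUG_LOG` are real WordPress configuration settings; the prefix value is constructed and `run_query()` is a hypothetical helper, not a WordPress API.

```php
<?php
// --- Weak defaults (what the interview argues against) ---
// $table_prefix = 'wp_';            // predictable default prefix
// define('WP_DEBUG', true);         // PHP and SQL errors rendered to every visitor
// define('WP_DEBUG_DISPLAY', true);

// --- Hardened wp-config.php fragment ---
// Prefix generated once at install time, e.g. bin2hex(random_bytes(4)) . '_'.
// Note: it still lives in this file, so it only raises the bar; it is not a secret
// against anyone who can already read the installation.
$table_prefix = 'k3f9a2c1_';          // constructed example value
define('WP_DEBUG', false);            // no debug output in production
define('WP_DEBUG_DISPLAY', false);    // never render errors to the browser
define('WP_DEBUG_LOG', true);         // keep them in wp-content/debug.log instead
@ini_set('display_errors', '0');      // same rule enforced at the PHP level
@ini_set('log_errors', '1');

// Hypothetical query wrapper: error detail goes to the server log only,
// the client sees a generic message, so SQL errors leak no schema or query text.
function run_query(mysqli $db, string $sql, array $params = [])
{
    $stmt = $db->prepare($sql);                       // parameterised, never string-built
    if ($stmt !== false && $params !== []) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if ($stmt === false || !$stmt->execute()) {
        $detail = ($stmt === false) ? $db->error : $stmt->error;
        error_log("DB error: $detail; query: $sql");  // full detail, server-side only
        throw new RuntimeException('A database error occurred.'); // generic text for the browser
    }
    return $stmt->get_result();
}
```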

June 30, 2007 at 1:19am | 3 Comments