now im confused... (making user input safe)
[eluser]n0xie[/eluser]
I think this should be simple common sense for ANY web developer.

1. Treat all data entered by users as 'tainted'. This includes SESSION and COOKIE data.
2. Validate all data input to make sure it is what you expect it to be.
3. Sanitize all data input whenever you store it (DB/XML/JSON).
4. Escape all data input whenever working with a DB (CI AR does this for you).
5. Filter or escape any data when outputting it (either to a browser, cookie, session or whatever).

There are zillions of articles about poor PHP security. This should be the first thing you learn whenever you want to write secure PHP code. For some pointers read this article: http://mavrck.com/blog/2009/04/05/keepin...te-secure/
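The five rules in the post above, as an added example that is not part of the original post: a constructed request is validated, cleaned for storage, inserted through a bound statement and escaped on output. It assumes PDO with an in-memory SQLite database in place of CodeIgniter's Active Record; the table, field names and helper functions are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for CI Active
// Record; the users table, field names and helpers are hypothetical.

// 1. Anything from the client is tainted (constructed sample input).
$tainted = [
    'age'     => '27',
    'name'    => "O'Brien",
    'comment' => "<script>alert(1)</script>\x00 nice post",
];

// 2. Validate: reject input that is not what the field expects.
function validate(array $in): array
{
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    $name = trim((string) ($in['name'] ?? ''));
    $comment = (string) ($in['comment'] ?? '');
    if ($age === false || $name === '' || strlen($name) > 64 || strlen($comment) > 500) {
        throw new InvalidArgumentException('input failed validation');
    }
    return ['age' => $age, 'name' => $name, 'comment' => $comment];
}

// 3. Sanitize for storage: drop control bytes that have no place in the text.
function sanitize(string $s): string
{
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $s);
}

// 5. Escape for the output context (HTML here) at the moment of output.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$clean = validate($tainted);
$clean['name'] = sanitize($clean['name']);
$clean['comment'] = sanitize($clean['comment']);

// 4. Bound parameters keep data out of the SQL text, so the quote in the name is inert.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER, comment TEXT)');
$db->prepare('INSERT INTO users (name, age, comment) VALUES (?, ?, ?)')
   ->execute([$clean['name'], $clean['age'], $clean['comment']]);

foreach ($db->query('SELECT name, age, comment FROM users') as $row) {
    printf("<li>%s (%d): %s</li>\n", e($row['name']), $row['age'], e($row['comment']));
}
```

The comment is stored with its markup intact and only becomes harmless text at output, which is why rule 5 applies on every read and not once at write time.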