[PHP-DOC] Re: [PHP-DEV] Security?
From: Rasmus Lerdorf (rasmus <email protected>)
Date: 07/03/01

On 4 Jul 2001, sterling hughes wrote:
> Ah well, I'm guessing most people have already seen this, still, I
> couldn't help passing it along... There are some good points (nothing
> we haven't discussed before) and some pretty bad points as well.

A lot of these are rather silly and are actually present in other
scripting languages when they are used in a web environment. Most of it
boils down to the fact that you cannot trust user data. The fact that
user data is easier to get at in PHP doesn't really change the model.
Making it harder to get the user data doesn't help if this data is still
not checked and used incorrectly once you do get it.

But, I do think it would be worthwhile to go through these and add a
section to the documentation highlighting the pitfalls and explaining how
to avoid them.

(cc'ed phpdoc with the hope that somebody will step up to do so)

-Rasmus