Security T & D
Posted: Wed Mar 02, 2005 9:50 am
This is the new thread from the Thread With No Subject Line
What are the common threats and problems related to PHP web applications?
- SQL Injection
- Session hijacking
- Bogus data in FORMs
- Malformed URLs
- Slipping HTML into FORM data
- Invalid data types coming from FORMs
Would you implement a security object that would analyse all the data being sent to a PHP script? Would this object walk GET and POST data, do fix up and put the data back in the original variables? Would you access the object instead so you can type the data that is returned?
Let's get the party started...
BTW - To keep code posts clean, if you revise your code put it back in the original post and make a mention of the edit at the bottom. This will keep us from playing with older versions of the code.
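
Added example, not part of the original post: a sketch of the "access the object instead" option from the question above, as a read-only wrapper that returns typed values and leaves the raw request arrays unmodified. The class name `RequestInput`, its methods, the `html()` helper and the sample input are hypothetical, and the code assumes PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper (not from the thread): the raw arrays are left untouched
// and callers request each field as the type they expect.
final class RequestInput
{
    private array $data;

    public function __construct(array $source)
    {
        $this->data = $source;
    }

    // Returns an int inside [$min, $max], or null if the field is missing,
    // is an array (e.g. id[]=1), or is not a plain integer.
    public function int(string $key, int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
    {
        $raw = $this->data[$key] ?? null;
        if (!is_string($raw)) {
            return null;
        }
        $value = filter_var($raw, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $min, 'max_range' => $max],
        ]);
        return $value === false ? null : $value;
    }

    // Returns the trimmed string, or null if missing, not a string, too long,
    // or not valid UTF-8. The text is kept as entered; it is escaped on output.
    public function text(string $key, int $maxBytes = 255): ?string
    {
        $raw = $this->data[$key] ?? null;
        if (!is_string($raw) || strlen($raw) > $maxBytes || preg_match('//u', $raw) !== 1) {
            return null;
        }
        return trim($raw);
    }
}

// Escape at the point of output, for the HTML context only.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = new RequestInput(['id' => '42', 'qty' => '1 OR 1=1', 'tags' => ['a'], 'name' => '<b>Bob</b>']);
var_dump($post->int('id', 1), $post->int('qty'), $post->int('tags'), html($post->text('name') ?? ''));
```

Typing the value on read covers the "invalid data types" and "bogus data" items in the list; values that reach a query still belong in bound parameters of a prepared statement, and HTML escaping stays at output rather than being written back into the request data.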