
filter metacharacters from user input.

Posted: Tue Jan 28, 2014 1:01 am
by ichikawaono
How to filter metacharacters from user input. This is the finding after Security Posture Assessment. Nowadays, most of the web applications have this kind of problem. How to filter it? :banghead:

Re: filter metacharacters from user input.

Posted: Tue Jan 28, 2014 1:04 am
by requinix
Best practice is not to filter the input but to escape it so that it won't cause any problems. Unless you want to post code to get help understanding what's wrong and how to fix it, Google for terms like "SQL injection" and "XSS".
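
Added example, not part of the original thread or any poster's code: a Python sketch of the escape-per-context approach for a forgot-password email field, next to a character-stripping filter for comparison. The language, table layout, function names and sample addresses are all assumptions constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # In-memory table standing in for the application's user store (constructed data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)")
    conn.executemany("INSERT INTO users (email) VALUES (?)",
                     [("alice@example.com",), ("o'brien@example.com",)])
    return conn

def strip_metachars(value):
    # The "filter" approach: delete characters that look dangerous.
    # It silently changes the value, so legitimate input can stop matching.
    return "".join(ch for ch in value if ch not in "'\"<>&;")

def find_user(conn, email):
    # SQL context: bind the value as a parameter. The driver passes it as data,
    # so quotes in the value are never parsed as part of the statement.
    row = conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None

def render_notice(email):
    # HTML context: escape at output time, quotes included, so the value is
    # displayed as text whether it lands in element content or an attribute.
    return "<p>If {} is registered, a reset link was sent.</p>".format(
        html.escape(email, quote=True))

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a legitimate address with an apostrophe, a value with
    # quote characters, and a value with markup characters.
    for value in ["o'brien@example.com",
                  "nobody@example.com' OR 'a'='a",
                  "<b>a&b</b>@example.com"]:
        print(repr(value))
        print("  parameterized lookup:", find_user(conn, value))
        print("  filtered lookup:     ", find_user(conn, strip_metachars(value)))
        print("  html:", render_notice(value))
```

The apostrophe address is found by the parameterized lookup but lost once the filter has rewritten it, which is the practical cost of filtering instead of escaping for the context the value is used in.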

Re: filter metacharacters from user input.

Posted: Tue Jan 28, 2014 1:17 am
by ichikawaono
Do we need to develop a new function for this? It happens on my forgot password and email fields. Has anyone fixed this problem before?

Re: filter metacharacters from user input.

Posted: Tue Jan 28, 2014 12:55 pm
by requinix
It depends on the code you have in place now.

I'm going to keep shooting blind until you start giving real, concrete details about the application.