Another Include...

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Only a possible suggestion.. On an online game for instance this could be useful. If someone tries things like passing illegal values you could cancel their account. If you notice my first recommendation was the home page.
Anyway, aren't we validating and filtering all this input? It's just as useful to define the expected GET/POST keys, and their types. Check actual data, filter out the undefined stuff, and then onto your script and its usual checks on the superglobals.

Not sure about cancelling. What if someone has posted a false URL (just to get them cancelled/banned)? Better the data is filtered, then sanitised where needed. If it must be, plant a few log entries and notify a game admin by some method...
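An added example of the approach described in the post (not code from the post or its author): define the expected GET/POST keys and their types up front, discard anything undeclared, and log anomalies for an admin rather than banning on sight. The schema, key names, game actions and request values are assumed for illustration.

```php
<?php
// Added example: allowlist expected request keys and their types,
// drop everything else, and log anomalies instead of banning.

/**
 * $schema maps expected key => spec for filter_var().
 * Returns [validated values, keys that were unexpected or failed validation].
 */
function validateRequest(array $input, array $schema): array
{
    $clean = [];
    $rejected = [];

    // Anything not declared in the schema is discarded, never processed.
    foreach (array_diff_key($input, $schema) as $key => $_) {
        $rejected[] = $key;
    }

    foreach ($schema as $key => $spec) {
        if (!array_key_exists($key, $input)) {
            if (empty($spec['required'])) { continue; }
            $rejected[] = $key;
            continue;
        }
        // An array where a scalar is expected (?id[]=1) is rejected outright.
        if (!is_scalar($input[$key])) { $rejected[] = $key; continue; }
        $value = filter_var($input[$key], $spec['filter'], $spec['options'] ?? []);
        if ($value === false || $value === null) { $rejected[] = $key; continue; }
        $clean[$key] = $value;
    }
    return [$clean, $rejected];
}

// Hypothetical schema for a game "move" request.
$schema = [
    'player_id' => ['filter' => FILTER_VALIDATE_INT, 'required' => true,
                    'options' => ['options' => ['min_range' => 1]]],
    'action'    => ['filter' => FILTER_VALIDATE_REGEXP, 'required' => true,
                    'options' => ['options' => ['regexp' => '/^(move|attack|rest)$/']]],
    // An out-of-range page silently falls back to 1 instead of failing.
    'page'      => ['filter' => FILTER_VALIDATE_INT,
                    'options' => ['options' => ['default' => 1, 'min_range' => 1]]],
];

// Constructed request for the example; in production pass $_GET or $_POST.
$request = ['player_id' => '42', 'action' => 'attack', 'page' => '-3', 'admin' => '1'];
[$data, $rejected] = validateRequest($request, $schema);

if ($rejected) {
    // Log it and let a game admin decide; a forged link must not get an innocent user banned.
    error_log(sprintf('Suspicious request from %s: rejected keys %s',
        $_SERVER['REMOTE_ADDR'] ?? 'cli', implode(',', $rejected)));
}
```

Only the keys in `$data` reach the rest of the script; the undeclared `admin` key is dropped and recorded in the log.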