one function for all security threats?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I'm pretty sure he was referring to an array-based Front Controller - if the GET value does not match a listed page then the user would be shown an error. In the absence of a specific format that would work. Might still be useful to check what you intend allowing in the GET value - will it be alphanumeric only? Then you can check it's valid quickly using ctype_alnum(), for example.
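
The array-based Front Controller check described in the post above, as an added example that is not part of the original thread. The page keys, script paths and the `resolve_page()` helper are hypothetical, and the `mixed` type hint assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: request key => script path. Only these keys are ever served.
const PAGES = [
    'home'    => 'pages/home.php',
    'news'    => 'pages/news.php',
    'contact' => 'pages/contact.php',
];

/**
 * Resolve the raw ?page= value to a listed script, or null if it must be rejected.
 * The request value is used only as an array key, never as part of a path.
 */
function resolve_page(mixed $raw): ?string
{
    // ?page[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw)) {
        return null;
    }
    // Quick format check: letters and digits only (default C locale).
    // ctype_alnum('') is false, so the empty string is rejected here too.
    if (!ctype_alnum($raw)) {
        return null;
    }
    // The list lookup is the real gate: keys are case-sensitive and unlisted
    // alphanumeric values (e.g. "admin") still fall through to null.
    return PAGES[$raw] ?? null;
}

// Constructed sample inputs standing in for $_GET['page'].
$samples = ['home', 'News', '../home', 'home.php', '', ['home'], 'admin'];

foreach ($samples as $raw) {
    $target = resolve_page($raw);
    printf(
        "%-12s => %s\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        $target ?? 'error page'
    );
}
```

Only the first sample resolves to a script; every other value, including the alphanumeric but unlisted ones, ends at the error page.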
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

arborint wrote:
> The Ninja Space Goat wrote:
> > yea it's awesome_magical_super_wonder_function() :lol:
>
> That has been deprecated ... use:
>
> awesome_magical_real_super_wonder_function([mixed $pixiedust])

Mixed pixiedust, LOL!
Ever since the magic_quotes fiasco, one would imagine PHP designers should have learned, eh :)

> anyone got any pieces of code which i can try and inject into my site?

Unfortunately (?) this forum's policy doesn't allow us to discuss penetration tactics, but if you show some code, then we can discuss concrete problems with it.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Mordred wrote:
> Ever since the magic_quotes fiasco, one would imagine PHP designers should have learned, eh :)

Why PHP does not have Request, Response, Filterchain and Validator classes in SPL after all this time is beyond me (they must be busy working on RecursiveSeekableCachingDirectoryRegexpIteratorIterator :crazy:). Although looking at the learning curve going on with those classes in the Zend Framework and things like the new filter extension ... perhaps it is a good thing that it has not been implemented yet! ;)
(#10850)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The SPL has gone beyond the realm of useful for myself to the realm of bulky and wasteful. It's a shame, I had high hopes.