At 03:28 PM 6/21/2002 -0700, you wrote:
>You know I am far from an expert on this in any shape or form, but if I
>were doing this (and this may already be assumed in another mail
>thread) before solving that problem I would first define a system that
>allows the developer to specify a small set of valid input chars and
>reject everything else at the boundary. It's pretty damn hard to run sql
>injection, xss etc anywhere if you only allow A-Z ASCII as input.
A-Z
a-z
0-9
- (dash)
_ (underscore)
space (ASCII 32)
I *think* we're safe with those characters...
--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
"In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"
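As an added example, not code from anyone in this thread: a reject-by-default boundary check in Python that uses exactly the character set listed above (A-Z, a-z, 0-9, dash, underscore, space). The parameter names, the `max_len` cap and the sample values are constructed for illustration.

```python
import re

# Allow-list exactly as listed in the message: letters, digits, dash,
# underscore and ASCII space. Anchored with \A ... \Z so the whole string
# must match; a bare '$' would still accept a trailing newline.
ALLOWED = re.compile(r'\A[A-Za-z0-9_\- ]*\Z')


def is_allowed(value: str) -> bool:
    """True only if every character of value is in the allow-list."""
    return ALLOWED.match(value) is not None


def validate_params(params: dict, max_len: int = 64) -> dict:
    """Boundary check over a mapping of request parameters.

    Returns {name: reason} for each parameter that fails; an empty dict
    means everything passed. A length cap is applied as well, because a
    character allow-list says nothing about size.
    """
    problems = {}
    for name, value in params.items():
        if not isinstance(value, str):
            problems[name] = "not a string"
        elif len(value) > max_len:
            problems[name] = "too long"
        elif not is_allowed(value):
            # Report which characters caused the rejection, for the log.
            bad = sorted({c for c in value if not is_allowed(c)})
            problems[name] = "disallowed characters: " + repr("".join(bad))
    return problems


# Constructed sample request (hypothetical field names and values).
SAMPLE = {
    "user": "alice_01",
    "city": "Mentor On The Lake",
    "name": "O'Brien",          # apostrophe: rejected by this allow-list
    "note": "line one\nline two",  # newline is not ASCII 32: rejected
}

if __name__ == "__main__":
    for field, reason in validate_params(SAMPLE).items():
        print(f"reject {field}: {reason}")
```

The `name` field shows the trade-off of a tight allow-list: legitimate data such as names with apostrophes is refused, so the set has to be chosen per field rather than once for the whole application. The check also only constrains which characters arrive; a field that is supposed to be a number should still be parsed and range-checked after it passes.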