From: Brian W. B. <br...@tu...> - 2001-11-26 18:26:10
Part 2 of this article is also worth reading. Here are links to both:

PHP Security Pt. 1
http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html

PHP Security Pt. 2
http://softwaredev.earthweb.com/script/article/0,,12063_922871,00.html

Kind Regards,
Brian

-------- Original Message --------
Subject: [Phpwebsite-developers] [Fwd: [Phpws-developers] PHP Security Revisited]
From: "Matthew McNaney" <ma...@tu...>
To: <php...@li...>

Everyone please read this article. It raises some important concerns.
Namely:

Do not process a user-submitted variable without filtering it.. EVER.
Make sure user submitted uploads are checked for validity. Otherwise the file system can pull a sensitive file.
Environment variables can be compromised.

--------------------------------------------------------

Anyway, I identified breaches I have coded in. Let's make sure that we avoid them in the future.

Matthew McNaney
Internet Systems Architect
Electronic Student Services
Email: ma...@tu...
URL: http://phpwebsite.appstate.edu
Phone: 828-262-6493

>Team:
>Matt says the link I sent was dead. Try this:
>http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html
>Brian

_______________________________________________
Phpwebsite-developers mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

--
Brian W. Brown
Director, Electronic Student Services
Student Development
Room 269, John Thomas Hall
Appalachian State University
Boone, NC 28608
vox: 828-262-7124
fax: 828-262-2585

L I N U X
  .~.
  /V\
 // \\
/(   )\
 ^^-^^
Love the Penguin