Everyone please read this article. It raises some important concerns.
Namely:
Do not process a user-submitted variable without filtering it... EVER.
Make sure user-submitted uploads are checked for validity. Otherwise the
file system can pull a sensitive file.
Environment variables can be compromised.
--------------------------------------------------------
Anyway, I identified breaches I have coded in. Let's make sure that we
avoid them in the future.
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Email: ma...@tu...
URL: http://phpwebsite.appstate.edu
Phone: 828-262-6493
>Team:
>Matt says the link I sent was dead. Try this:
>http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html
>Brian