Part 2 of this article is also worth reading. Here are links
to both:
PHP Security Pt. 1
http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html
PHP Security Pt. 2
http://softwaredev.earthweb.com/script/article/0,,12063_922871,00.html
Kind Regards,
Brian
-------- Original Message --------
Subject: [Phpwebsite-developers] [Fwd: [Phpws-developers] PHP
Security Revisited]
From: "Matthew McNaney" <ma...@tu...>
To: <php...@li...>
Everyone please read this article. It raises some important
concerns. Namely:
Do not process a user-submitted variable without filtering
it... EVER.
Make sure user-submitted uploads are checked for validity.
Otherwise the file system can pull a sensitive file.
Environment variables can be compromised.
--------------------------------------------------------
Anyway, I identified breaches I have coded in. Let's make
sure that we avoid them in the future.
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Email: ma...@tu...
URL: http://phpwebsite.appstate.edu
Phone: 828-262-6493
>Team:
>Matt says the link I sent was dead. Try this:
>http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html
>Brian
_______________________________________________
Phpwebsite-developers mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
--
Brian W. Brown
Director, Electronic Student Services
Student Development
Room 269, John Thomas Hall
Appalachian State University
Boone, NC 28608
vox: 828-262-7124
fax: 828-262-2585
L I N U X
.~.
/V\
// \\
/( )\
^^-^^
Love the Penguin