FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176456 is a reply to message #176441]

Sat, 07 January 2012 17:27

Thomas Mlynarczyk
Messages: 131
Registered: September 2010

Karma:

Senior Member

Jerry Stuckle schrieb:

> Validating all input from the user is just good programming practice.

And properly (!) escaping output (this includes stuff that goes into SQL
queries). As I see it, these two simple measures should prevent 99% of
all security vulnerabilities. I'd be interested in learning about the
remaining 1% though.

> Nothing new here - it just shows there are a lot of programmers out
> there unconcerned with security.

Indeed. But I don't understand why this is so. After all, we're not
talking about the personal homepage of some newbie showing pictures of
his dog and favourite cookie recipes. The problem exists also (if not
especially) with real big professional sites, even sites where security
is paramount (online banking), run by people who should have more than
enough money to pay competent, security-aware programmers to do the job
properly. I just don't get it.

Of course, the worst about this new SQL injection attack is certainly
that ridiculous name "Lilupophilupop".

Greetings,
Thomas

--
Ce n'est pas parce qu'ils sont nombreux à avoir tort qu'ils ont raison!
(Coluche)

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Oct 20 06:46:23 GMT 2024

Total time taken to generate the page: 0.05980 seconds