May 14th, 2007, 12:00 AM
#6
It basically boils down to:
1. Don't pass any string directly into SQL without appropriate escaping - ideally use prepared queries
2. Audit use of dangerous functions such as eval(), system() etc, VERY bloody carefully.
There are other attacks you might want to consider as well:
- XSS - consider using a framework to automatically escape HTML in your output (e.g. if using a templating system like smarty)
- CSRF - consider using a framework which provides CSRF protection
Mark
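The three controls the post lists (prepared queries instead of string-built SQL, escaping untrusted text before it reaches HTML output, and a CSRF token check), as an added example that is not code from the post or from any PHP/Smarty framework. It uses Python's sqlite3, html, secrets and hmac modules; the users table and its rows are constructed for the demonstration. The apostrophe in a legitimate name like O'Brien is enough to show why point 1 matters: the concatenated query is already broken by ordinary data, while the prepared query treats the same value purely as data.

```python
import html
import hmac
import secrets
import sqlite3


def make_db():
    # Constructed sample table; not part of the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, name):
    # Point 1, the wrong way: the caller's string becomes part of the SQL text.
    # A single quote in the data changes the statement's structure; here that
    # surfaces as a syntax error, which we report as None.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None


def find_user_prepared(conn, name):
    # Point 1, the right way: a placeholder in the statement and the value
    # passed separately. The driver never parses the value as SQL.
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting(name):
    # XSS bullet: escape on output. quote=True also encodes " and ' so the
    # result is safe inside attribute values, not just element text.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def issue_csrf_token():
    # CSRF bullet: an unguessable per-session token, stored server-side and
    # embedded in each form the server renders.
    return secrets.token_urlsafe(32)


def csrf_token_valid(session_token, submitted_token):
    # Reject missing tokens, then compare in constant time so the check
    # does not leak how many leading characters matched.
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


if __name__ == "__main__":
    db = make_db()
    print("concat  :", find_user_concat(db, "O'Brien"))
    print("prepared:", find_user_prepared(db, "O'Brien"))
    print(render_greeting("<b>O'Brien</b>"))
    tok = issue_csrf_token()
    print("csrf ok :", csrf_token_valid(tok, tok), csrf_token_valid(tok, "x" * len(tok)))
```

The same pattern applies to PHP: PDO or mysqli prepared statements for the query, htmlspecialchars() with ENT_QUOTES at the point of output (or a template engine configured to do it for you), and a token compared with hash_equals() on every state-changing POST.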