PEAK XOOPS - Re: injection scanner 
Re: injection scanner
Re: injection scanner
msg# 1.3
- depth:
- 1
vaughan
Posts: 37
Posts: 37
interesting i think too, but then you will have to keep updating the list when new methods are found.
personally i think the whitelist approach is best of all. only allow what you want to allow, and prevent anything else.
Gijoe approach with this new db layer is excellent IMO.
I was also looking into DB layer aswell for icms, with the idea of better filtering and making better use of mysql_real_escape_string() instead of having all the addslashes() stripslashes() all over the place. aswell as SQL Prepared Statements instead of current methods. other filters such as PHP 5 native filter_var() & filter_input() etc
personally i think the whitelist approach is best of all. only allow what you want to allow, and prevent anything else.
Gijoe approach with this new db layer is excellent IMO.
I was also looking into DB layer aswell for icms, with the idea of better filtering and making better use of mysql_real_escape_string() instead of having all the addslashes() stripslashes() all over the place. aswell as SQL Prepared Statements instead of current methods. other filters such as PHP 5 native filter_var() & filter_input() etc
Votes:11
Average:6.36
Posts tree
-
injection scanner
(onasre, 2009/3/2 14:04)
-
Re: injection scanner
(Mikhail, 2009/3/18 19:39)
-
Re: injection scanner
(GIJOE, 2009/4/3 12:50)
-
Re: injection scanner
(vaughan, 2009/4/5 1:03)
-
Re: injection scanner
(GIJOE, 2009/4/11 18:08)
-
-
Re: injection scanner
(vaughan, 2009/4/12 9:29)
-
Re: injection scanner
(GIJOE, 2009/4/12 17:58)
-
-
Re: injection scanner
(onasre, 2009/4/30 13:58)
-
Re: injection scanner
(GIJOE, 2009/5/3 6:32)
-
-
Login