Quote: Originally posted by Chilihost
all the credit goes to him :luke:
Well no credit needed, not like it's 100,000 lines of code, hehe. Just some simple "secure programming advice". I see soooo many code examples posted on some of the webmaster resource sites, and I always feel bad because I know there just must be a ton of webmasters that aren't code monkeys who just copy/paste the code assuming there's nothing wrong with it.

I need to start a "Validate Your Variables" awareness week!

As just a little side note: There ARE a lot of things that can be done on the server level to help mitigate SOME of the problems that can be caused, such as SQL injection. Those of you that host with ChiliHost are pretty safe from many of those, as if I remember correctly, he installs mod_security on all of the boxes he runs (something that unfortunately not a lot of hosts do).

Something like mod_security won't protect you from cross-site scripting and vulnerabilities like that, however, but it does make it considerably more difficult for some of the more nasty nasties being done through scripts.