Reply to Re: [PHP] security/sql issues with php

Your name:

Reply:


Posted by Chris Shiflett on 09/22/05 05:13

bruce wrote:
> however, i still don't have a good answer to my question regarding how
> easy (or hard) it is to detect if a query that should have originated
> with your app's form is coming from a 3rd party/external site?
>
> am i missing something here?

Possibly. I think you're missing the fact that every request sent to
your web server comes from a remote site. The requests are sent by your
users, so they come from all over the place.

In general, this isn't a concern. Things like spoofing forms is not
something you can prevent, nor does it matter - our job as developers is
to make users play by our rules. How they choose to do so is irrelevant.

The one exception is CSRF, which I briefly described earlier. The
standard protection against CSRF is to use tokens in your forms, a
technique described in the PHP Security by Example talk:

http://brainbulb.com/talks/php-security-by-example.pdf

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация