[WEB SECURITY] question about anti-xss applicability of PHP's …

Posted on June 2, 2008 - Filed Under security

Hi all, I've been trusting PHP's htmlentities() to escape to HTML for a long time now on several customer sites and I want to be sure that it's secure. I am specifying UTF-8 as my charset in XHTML headers, so I don't think alternative …

Let's examine security.

Posted on May 28, 2008 - Filed Under security

Encode all posts or user-inputted data. You'll have to sanitize user input by denying users the ability to put HTML tags & JavaScript on pages; this is called escaping. JavaScript escape(); Parse all HTML data as to make sure code …

How To Request A Ticket Using QlikView’s HTTP Server

Posted on May 27, 2008 - Filed Under programming

responseText.substring(18,58); } function ShowTicket() { var ticket = GetTicket(); alert(ticket); } function GoPlugin() { var ticket = GetTicket(); window.open("/QvPlugin/opendoc.htm?document=" + escape(document. …

Wordpress Gallery - Nasty PHP Authentication Handling

Posted on May 9, 2008 - Filed Under filtering input

Easy transparent PHP input filtering I have been working on a site that will have potentially quite a few random third parties accessing it and inserting data into a MySQL database. I am thus quite keen on a good solid input filtering …

Easy transparent PHP input filtering

Posted on March 25, 2008 - Filed Under filtering input

I am thus quite keen on a good solid input filtering method for PHP to prevent things like XSS and SQL Injection. There are several options out there, of the ones I found Inspekt is about the closest match to my way of working, …

[Privacy] Re: Tor, IP privacy?

Posted on January 1, 1970 - Filed Under Input Filtering

This is however, *both* input filtering and output filtering. You are input filtering the content that will later (presumably) be output to the user, and output filtering the SQL query. As for me, I prefer output filtering. Why? …
Read the original: [Privacy] Re: Tor, IP privacy?

Security Corner: SQL Injection

Posted on January 1, 1970 - Filed Under Input Filtering

Input Filtering. This article assumes magic_quotes_gpc is disabled. If it is enabled, you can disable it or use the fix_magic_quotes() function to repair the input. There are best practices that you should follow to prevent SQL …
Excerpt from: Security Corner: SQL Injection

Ceramic Input Capacitors Can Cause Overvoltage Transients

Posted on January 1, 1970 - Filed Under Input Filtering

When it comes to input filtering, ceramic capacitors are a great choice. They offer a high ripple current rating and low ESR and ESL. Also, ceramic capacitors are not very sensitive to overvoltage and can be used without derating the …
Read the rest here: Ceramic Input Capacitors Can Cause Overvoltage Transients

PHP Advent Calendar Day 13

Posted on January 1, 1970 - Filed Under Input Filtering

Because we're a MySpace-like social network, we have to base our input filtering of certain fields on a blacklist of illegal tags, properties, and URLs instead of a whitelist of allowed tags (which is more common among many libraries). …
Credit: PHP Advent Calendar Day 13

Ed Finkler's Blog: Inspekt 0.3 now available

Posted on January 1, 1970 - Filed Under Input Filtering

I've uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. With this release, Inspekt completes the goals of the original specification for the OWASP SpoC007 project. …
See the rest here: Ed Finkler's Blog: Inspekt 0.3 now available
