Preserved Topic: PHP & Security (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=20999" title="Pages that link to Preserved Topic: PHP &amp; Security (Page 1 of 1)" rel="nofollow" >Preserved Topic: PHP & Security <span class="small">(Page 1 of 1)</span>\$

mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 07-08-2001 13:36 Recently, I've stumbled across SecureReality web site, and found a few interesting discussions about security in PHP apps... Take a look at these two links: A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin
Dracusis Maniac (V) Inmate From: Brisbane, Australia Insane since: Apr 2001	posted 07-08-2001 14:25 Christ MAX, not only do you always answer my questions but now you answering them before I even get a chance to ask! Thanks for the links.. 'd been my next PHP question.. everybody needs a swamp bear
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 07-08-2001 17:51 Great set of links.
Dracusis Maniac (V) Inmate From: Brisbane, Australia Insane since: Apr 2001	posted 07-08-2001 18:39 Arr. Crap.. Now I need to re-write my script. I'm writing a news post script but... Some of the information there went over my head, but by doing this will my script should be secure right? Everything in the script happens through a function() call. All variabules passed from the form are only used in function() calls. There are NO global variabules. All username and password variabules are checked on an equality basis, if false, a die() is called. If true the script continues to run. All database connections and includes only happen inside defined functions. That should pretty much work shouldn't it? everybody needs a swamp bear Edit: Wanted to try out the [list] ubb code/..... [This message has been edited by Dracusis (edited 07-08-2001).]

Preserved Topic: PHP & Security (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=20999" title="Pages that link to Preserved Topic: PHP &amp; Security (Page 1 of 1)" rel="nofollow" >Preserved Topic: PHP & Security <span class="small">(Page 1 of 1)</span>\$

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 07-08-2001 13:36

Recently, I've stumbled across SecureReality web site, and found a few interesting discussions about security in PHP apps...

Take a look at these two links:
A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications
Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin

Dracusis
Maniac (V) Inmate

From: Brisbane, Australia
Insane since: Apr 2001

posted 07-08-2001 14:25

Christ MAX, not only do you always answer my questions but now you answering them before I even get a chance to ask!

Thanks for the links.. 'd been my next PHP question..

everybody needs a swamp bear

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 07-08-2001 17:51

Great set of links.

Dracusis
Maniac (V) Inmate

From: Brisbane, Australia
Insane since: Apr 2001

posted 07-08-2001 18:39

Arr. Crap.. Now I need to re-write my script.

I'm writing a news post script but...

Some of the information there went over my head, but by doing this will my script should be secure right?

Everything in the script happens through a function() call.
All variabules passed from the form are only used in function() calls.
There are NO global variabules.
All username and password variabules are checked on an equality basis, if false, a die() is called. If true the script continues to run.
All database connections and includes only happen inside defined functions.

That should pretty much work shouldn't it?

everybody needs a swamp bear

Edit: Wanted to try out the [list] ubb code/.....

[This message has been edited by Dracusis (edited 07-08-2001).]