Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Wed Nov 15, 2006 11:23 am Reply with quote

I have to agree with technocrat. When you filter data coming OUT of the database, then you have tied the hands of the admin as to what they can do with their site content. I know that this goes against the "common wisdom" out there in "security land", and I have read several very good books on PHP Security and web security in general.

IMO, one needs to be 100% certain of what gets INTO the database - i.e., ensuring no "garbage in". If you want to add 3rd party add-ons, you, as the site owner/admin, are responsible to ensure these do not open up security holes.

Like I said, this is JMO, and does not follow conventional security wisdom, but I do not believe in putting on "content hand-cuffs" on the site admin.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©