Re: Need Security info for php
by Kid Stevens <Kidstevens(at)comcast.net>
Date: Mon, 01 Jul 2002 23:06:07 -0600
To: Tenley Shewmake <ts(at)awebresource.com>, HWG Techniques <hwg-techniques(at)hwg.org>
References: awebresource
In the source of the form page all form input boxes have the text input
boxes limited in size. If the customers are not to use HTML or Java in the
boxes, then save the file as text. Parse the output text file with Perl or
Java to hunt and strip < >, /, \, and = characters from the file. If they
exceed a certain number of characters or xk of file size, then auto dump the
document. While you are at it, use whatever to record their source IP
address and time marker in the form output.
Then use Java or Perl to re-save the good files as whatever you want it to be.

At 7:46 PM -0700 7/1/02, Tenley Shewmake wrote:
>
>There are a lot of text inputs and I don't know what would happen if a
>prankster were to add code, or the best way to prevent this.
>
>I think I want to restrict the size of the file that gets created, so no
>one could paste in a huge blob of stuff and cause problems.
>--
>Best Regards,
>
>Tenley
>
>Tenley Shewmake, Webmaster Alterra Furniture
>http://www.awebresource.com/furniture/
>ts(at)awebresource.com
--
Sincerely,
Kid Stevens
"One of the profound miracles of the human brain is our capacity for memory"
-Jean Houston
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA
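
The steps described in the reply (cap the size, strip `< > / \ =`, record source IP and time), as an added example that is not part of the original thread. It is in PHP because the form in question is a PHP form; the function name, limits, file path and sample values are assumptions, and the limits are checked in the handler itself because size limits in the form's HTML are not enforced by the server.

```php
<?php
// Added example: names, limits and paths below are assumptions, not from the thread.
const MAX_FIELD_BYTES  = 500;   // per-field cap, enforced on the server
const MAX_RECORD_BYTES = 4096;  // cap on the whole saved record

/**
 * Returns the cleaned record as text, or null if the submission is rejected.
 */
function clean_submission(array $fields, string $ip, int $now): ?string
{
    $lines = [];
    foreach ($fields as $name => $value) {
        if (!is_string($value) || strlen($value) > MAX_FIELD_BYTES) {
            return null; // oversize or array-valued (field[]=x) input: dump it
        }
        // Strip the characters named in the reply: < > / \ =
        $value = str_replace(['<', '>', '/', '\\', '='], '', $value);
        // Replace control characters so one field cannot forge extra record lines
        $value = preg_replace('/[\x00-\x1F\x7F]/', ' ', $value);
        // Field names also come from the client, so restrict them as well
        $lines[] = preg_replace('/[^A-Za-z0-9_]/', '', (string)$name) . ': ' . $value;
    }
    // Record the time marker and source IP with the form output
    array_unshift($lines, 'time: ' . gmdate('Y-m-d\TH:i:s\Z', $now), 'ip: ' . $ip);
    $record = implode("\n", $lines) . "\n";
    return strlen($record) > MAX_RECORD_BYTES ? null : $record;
}

// Constructed sample input standing in for $_POST and $_SERVER['REMOTE_ADDR'].
$samples = [
    'normal'   => ['name' => 'Pat', 'comments' => 'Please send a catalog.'],
    'markup'   => ['name' => 'x', 'comments' => '<script src=//example.test/a.js></script>'],
    'oversize' => ['name' => 'x', 'comments' => str_repeat('A', 100000)],
];
foreach ($samples as $label => $fields) {
    $record = clean_submission($fields, '192.0.2.10', time());
    echo "== $label ==\n", $record ?? "rejected\n";
    // A real handler would append accepted records to a file outside the web root, e.g.
    // file_put_contents('/path/outside/webroot/orders.txt', $record, FILE_APPEND | LOCK_EX);
}
```

If the saved text is ever displayed in a web page, it still needs `htmlspecialchars()` at output time; stripping on input does not replace that.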