ljr/livejournal/doc/raw/ljp.book/prog-guide/security.xml

<chapter id="ljp.prog-guide.security">
  <title>Security</title>
  <itemizedlist>
    <title>Security</title>
    <listitem>
      <para>
        All GET/POST form values go into %FORM into BML, but check <function>LJ::did_post()</function> on critical actions.  GET requests can be easily spoofed, or hidden in images, etc.
      </para>
    </listitem>
    <listitem>
      <para>
        Never read in arbitrary amounts of input
      </para>
    </listitem>
    <listitem>
      <para>
        Never use unsanitized data in a command or SQL
      </para>
    </listitem>
  </itemizedlist>
</chapter>
init 2019-02-05 21:49:12 +00:00			`<chapter id="ljp.prog-guide.security">`
			`<title>Security</title>`
			`<itemizedlist>`
			`<title>Security</title>`
			`<listitem>`
			`<para>`
			`All GET/POST form values go into %FORM into BML, but check <function>LJ::did_post()</function> on critical actions. GET requests can be easily spoofed, or hidden in images, etc.`
			`</para>`
			`</listitem>`
			`<listitem>`
			`<para>`
			`Never read in arbitrary amounts of input`
			`</para>`
			`</listitem>`
			`<listitem>`
			`<para>`
			`Never use unsanitized data in a command or SQL`
			`</para>`
			`</listitem>`
			`</itemizedlist>`
			`</chapter>`