ljr/livejournal/doc/raw/ljp.book/prog-guide/security.xml

21 lines
603 B
XML
Raw Normal View History

2019-02-05 21:49:12 +00:00
<chapter id="ljp.prog-guide.security">
<title>Security</title>
<itemizedlist>
<title>Security</title>
<listitem>
<para>
All GET/POST form values go into %FORM into BML, but check <function>LJ::did_post()</function> on critical actions. GET requests can be easily spoofed, or hidden in images, etc.
</para>
</listitem>
<listitem>
<para>
Never read in arbitrary amounts of input
</para>
</listitem>
<listitem>
<para>
Never use unsanitized data in a command or SQL
</para>
</listitem>
</itemizedlist>
</chapter>