On Sun, Oct 2, 2011 at 02:32, Shlomi Fish <shlo...@shlomifish.org> wrote: > On Sun, 2 Oct 2011 00:07:34 +0300 > "Octavian Rasnita" <orasn...@gmail.com> wrote: > >> Hi, >> >> Does anyone have some suggestions for what restrictions should be used on a >> site to be secure? >> Do you know some sites where I can get information about this subject? >> Most of the text I read said that the variables should be filtered before >> inserting them in DB, but never gave details for what should be filtered. >> > > Well, the SQL injections that you mention are one vector of attack against > web-sites, but are not the only one. See: > > * http://shlomif-tech.livejournal.com/35301.html - my post about Code/Markup > injection and its prevention. > > * http://en.wikipedia.org/wiki/Cross-site_scripting > > * http://en.wikipedia.org/wiki/Cross-site_request_forgery >
since we're on web security, my favorite general purpose reading is: http://code.google.com/p/browsersec/wiki/Main also this (which iirc, some browsers don't or google say are dangerous - there doesn't seem to be any script running on this page - cursory look): http://ha.ckers.org/xss.html ps - i like that 'bobby tables' link - that's just awesome :) i like the run down they give of the proper way to do sql in each language. -- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/
