From: shawn wilson
> On Sun, Oct 2, 2011 at 02:32, Shlomi Fish <shlo...@shlomifish.org> wrote:
>> On Sun, 2 Oct 2011 00:07:34 +0300
>> "Octavian Rasnita" <orasn...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Does anyone have some suggestions for what restrictions should be used on a
>>> site to be secure?
>>> Do you know some sites where I can get information about this subject?
>>> Most of the text I read said that the variables should be filtered before
>>> inserting them in DB, but never gave details for what should be filtered.
>>>
>>
>> Well, the SQL injections that you mention are one vector of attack against
>> web-sites, but are not the only one. See:
>>
>> * http://shlomif-tech.livejournal.com/35301.html - my post about Code/Markup
>> injection and its prevention.
>>
>> * http://en.wikipedia.org/wiki/Cross-site_scripting
>>
>> * http://en.wikipedia.org/wiki/Cross-site_request_forgery
>>
>
> since we're on web security, my favorite general purpose reading is:
> http://code.google.com/p/browsersec/wiki/Main
>
> also this (which iirc, some browsers don't or google say are dangerous
> - there doesn't seem to be any script running on this page - cursory
> look):
> http://ha.ckers.org/xss.html
>

For general guidelines and tools, take a look at the OWASP Projects at
<http://www.owasp.org/>.

Bob McConnell