At 12:29 PM -0400 9/9/06, Robert Cummings wrote:
> On Sat, 2006-09-09 at 12:12 -0400, Mark Charette wrote:
> > As a senior member of the software QC department in a major industrial
> > company, I generally find more errors and omissions in validation
> > routines during code reviews and ethical hacks than anywhere else.
>
> http://en.wikipedia.org/wiki/Appeal_to_authority
>
> Where's Tedd, he's got the Latin to go with the above link >:)
>
> Cheers,
> Rob.

Rob:
Don't throw me in that briar patch. I know the
saying "Locus ab auctoritate est infirmissimus"
may appear to fit, but I think in this case "se
méfier de l'eau qui dort" is better.
Besides:
A) I was the one that started this fire storm.
B) Mark came in and backed me up.
C) Stu, who I respect greatly, surprisingly waded in on the other side.
Now, I stand cowardly between two opinions not
wanting to offend either, nor embarrass myself
publicly, which I do often enough anyway.
However with that said, my original question/statement still stands.
I realize (AS WE ALL DO), that *all* data coming
from outside *must* be sanitized -- BUT -- using
$_REQUEST still does not provide as much
information as to where the data came from as the
use of $_GET, $_POST, and $_COOKIE -- that's an
unarguable fact, is it not?
This thread was like an old-west circled wagon
train with everyone inside expounding about the
obvious dangers of an Indian attack* but failing
to listen to some who are saying "They're
attacking from the West", while arguing it's not
important to know which way the attack comes. I
think some just misread the point of the post.
tedd (as he scurries around to the east side of a rock while dodging arrows)
*In keeping with current Political correctness,
it was a US "Indian" attack -- also note the
attack was from the West and not from the East.
:-)
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
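
The point about $_REQUEST losing the origin of a value, as an added example that is not part of the original thread. The helper names and sample arrays are constructed for illustration, and the "GPC" merge order is an assumption: the order PHP actually uses depends on the request_order / variables_order settings.

```php
<?php
// Constructed sample request: the same key arrives by three different routes.
$get    = ['user_id' => '7'];                        // query string
$post   = ['user_id' => '7', 'action' => 'delete'];  // form body
$cookie = ['user_id' => '1'];                        // cookie header

// Hypothetical helper: build a $_REQUEST-style array for an order string made
// of the letters G, P and C. Later sources overwrite earlier ones, so the
// merged array keeps a value but not the route it arrived by.
function merged_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    foreach (str_split($order) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read a key from one named source only, and fail
// loudly when that source does not carry it.
function from_source(array $source, string $name, string $key): string
{
    if (!array_key_exists($key, $source) || !is_string($source[$key])) {
        throw new InvalidArgumentException("$key missing from $name");
    }
    return $source[$key];
}

// Merged view: one user_id survives, and nothing records which source won.
$request = merged_request('GPC', $get, $post, $cookie);
echo 'merged user_id: ', $request['user_id'], "\n";

// Explicit view: the handler states which route it accepts the value from.
$raw = from_source($post, 'POST', 'user_id');
echo 'POST user_id:   ', $raw, "\n";

// Knowing the source does not replace validation; the value is still checked.
$id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    throw new InvalidArgumentException('user_id is not a positive integer');
}
echo 'validated id:   ', $id, "\n";
```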