On Sep 28, 2007, at 1:05 PM, Per Jessen wrote:

> Edward Vermillion wrote:
>
>> I pretty much gave up on the thread when I got the reply along the
>> lines of "if it breaks something it's their problem, not mine".
>
> Ed, your question was a good one, but so was my answer. In my case, I
> don't cater to an open community, but to a closed one. If you're not
> authenticated, you're not getting anywhere to start with. If you
> somehow manage to bypass that, and attempt to submit data I don't
> expect, my priority is the survival of my application, nothing else.

But that was my point. Your way, your app may disintegrate at some
uncontrolled point. At least if you're checking/validating your input
then you can take control of the situation and ensure the "survival
of your application". Otherwise who knows where it will break and
what it will mean when it does.
And just because the community is closed, don't drop your guard on
basic security practices. You don't control what comes into your
site, you can only react to it.
Ed
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php