Edward Vermillion wrote:
> On Sep 28, 2007, at 1:05 PM, Per Jessen wrote:
>>
>> Ed, your question was a good one, but so was my answer. In my case,
>> I don't cater to an open community, but to a closed one. If you're
>> not authenticated, you're not getting anywhere to start with. If you
>> somehow manage to bypass that, and attempt to submit data I don't
>> expect, my priority is the survival of my application, nothing else.
>>
>
> But that was my point. Your way, your app may disintegrate at some
> uncontrolled point.

As long as it is only the app, it's not a real problem. If it affects Apache, it's a different issue. If the app throws a couple of unexpected exceptions or something, no big deal.

> At least if you're checking/validating your input then
> you can take control of the situation and ensure the "survival of your
> application". Otherwise who knows where it will break and what it will
> mean when it does.

I agree, but to check for unwanted character sets and do conversions and what have you, is way overkill IMHO.

> And just because the community is closed, don't drop your guard on
> basic security practices. You don't control what comes into your site,
> you can only react to it.

I agree - like I said, authentication is required.

/Per

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php