RE: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

> Seak, Teng-Fong wrote:
> > No, I don't deserve anything because, as I've written in the
> > original post (but I suppose you didn't notice), the website is
> > outsourced and made by a 3rd company.

Then you should be having this conversation with the 3rd party.  They need
to validate *EVERY* bit of data that comes into the script from outside.
This includes items passed on the URL, POSTed items, uploaded files, etc.
You CANNOT TRUST that your URL has not been tampered with, regardless of the
scripting language you use (ASP, PHP, JSP, etc.). If they do not validate the
inputted data, they have problems like you have seen.

Relying on register_globals is taboo.  Any competent PHP programmer knows
that, and likely has known it for a long time.

> I know ASP and JSP, but not PHP.  I've not got much time to invest
> into this.

Sounds like you need a good consultant.  My rates are reasonable.  ;-)

JM

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
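
An added example, not part of the original message and not the outsourced site's code: one way to read URL items, POSTed items and uploaded files explicitly and validate each one, instead of letting register_globals turn request parameters into variables. Every function name, parameter name and sample value below is hypothetical and constructed for illustration.

```php
<?php
// Added example; all names are hypothetical and the sample input is constructed.
// With register_globals on, ?page=...&is_admin=1 would create $page and
// $is_admin as globals. Here each value is read explicitly and validated.

const ALLOWED_PAGES = ['home', 'news', 'contact'];   // assumed site sections

// URL item: accept only a known page name, otherwise fall back to 'home'.
function validated_page(array $query): string
{
    $page = $query['page'] ?? 'home';
    return (is_string($page) && in_array($page, ALLOWED_PAGES, true)) ? $page : 'home';
}

// POSTed item: accept only a positive integer, otherwise null.
function validated_id(array $post): ?int
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Uploaded file: check PHP's own error code, the size, and that the temp file
// really came from an HTTP upload; return a server-chosen storage name.
function validated_upload(array $file, int $maxBytes = 1048576): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    if (!is_int($file['size'] ?? null) || $file['size'] > $maxBytes) return null;
    $tmp = $file['tmp_name'] ?? '';
    if (!is_string($tmp) || !is_uploaded_file($tmp)) return null;
    return bin2hex(random_bytes(8));   // never reuse the client-supplied name
}

// Constructed request data standing in for $_GET, $_POST and $_FILES['doc'].
$get  = ['page' => 'unexpected/value', 'is_admin' => '1'];
$post = ['id' => '42; extra text'];
$file = ['error' => UPLOAD_ERR_OK, 'size' => 2048,
         'tmp_name' => '/tmp/not-a-real-upload', 'name' => 'report.php'];

// Privilege flags are initialised by the script and set only from server-side
// state such as the session, never from anything in the request.
$isAdmin = false;

var_dump(validated_page($get));            // tampered page name is rejected
var_dump(validated_page(['page' => 'news']));
var_dump(validated_id($post));             // malformed id is rejected
var_dump(validated_id(['id' => '42']));
var_dump(validated_upload($file));         // not a genuine HTTP upload
var_dump($isAdmin);                        // unaffected by ?is_admin=1
```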

