Vertraue niemals Benutzereingaben. Einführung

Kommentieren Jul 23 2009

 

Hier mal eine kleine Einführung wie man Benutzereingaben von einem Formular aus filter und sicherstellen kann, das diese nichts falsches machen.

This article is an attempt to show how input from web based forms can be dealt with safely. The first and most fundamental rule in security is ‘NEVER TRUST USER INPUT’. Just in case this is not entirely clear, lets go over it again.. ‘NEVER TRUST USER INPUT’. Whether it be by user stupidity or an attack from a malicious user, every piece of information you get from userland should be treated as suspect. Only by vigilantly adhering to this policy will your scripts and information be secure.

The second rule deals with a legacy from earlier PHP versions.
Never, ever, ever, ever use register globals
PHP now has super globals and it is HIGHLY recommended to use them.
This article is by no means a complete security run down, simply and explanation of a single facet of securing your scripts. At the absolute least, variables must be checked for type and length. In this tutorial we will take some user input from a web form, put it into a database and email the user a message thanking them for their input.



Validating user input in PHP By Kevin Waterson

Banana
out.