[ic] cleanliness of session values
Jeff Dafoe [jeff@badtz-maru.com] wrote:
>
> Is it OK to take something from the CGI hash and assign it to the Values
> hash? I want to confirm that the data in the values hash is considered to
> be tainted user input and that I do not need to perform any sanitization
> prior to assigning user data to it.
>
"CGI" and "values" can both be tainted by user-supplied CGI values.
If you want to ensure that your data cannot be tainted then use the
scratch space instead.
--
Kevin Walsh
kevin@cursor.biz