All being said here is really good. One extra tip, usually you don't want to make filters for things you don't want like: antiInjection, antiXSS, antiXXXXX, since attackers usually find new ways to attack your site.
So my recommendation is to take the inverse approach, that means check that each field has what you expect it to have. If is a numeric field validate that only numbers comes in it, if is an alphanumeric id validate it only contains letters and numbers, and so forth. This will give you much better specially when same filters apply to all fields you end up making them less strict to allow different variation work
Also even though your application filters SQL inejection the attacker can still take your site down if the query is heavy, so make sure you limit your slow queries and use the proper caching
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
