Re: PHP

From: Nathan Cook (security@pcsedu.com)
Date: 08/22/01

Previous message: Antonomasia: "Re: appropriate security restrictions for untrusted client-side code?"
In reply to: teo@gecadsoftware.com: "Re: PHP"
Next in thread: David Wheeler: "Re: PHP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <011901c12b4c$d5b36fe0$a300000a@pcsedu.com>
From: "Nathan Cook" <security@pcsedu.com>
To: <secprog@securityfocus.com>
Subject: Re: PHP
Date: Wed, 22 Aug 2001 14:55:51 -0600

From: <teo@gecadsoftware.com>
> One can use a MVC model, and have only one entry in the site to do the
> `dispatching'. That entry can do proper checkings and all.

It seems to me like it would be extremely simple to create an auto prepend
script (http://www.zend.com/zend/spotlight/prepend.php#Heading3) and just have
that run before every page is processed to set the variables or unset the
variables that are suspect. That way no matter what page they entered on, you
could regulate it.

Nathan Cook
ncook@pcsedu.com

Previous message: Antonomasia: "Re: appropriate security restrictions for untrusted client-side code?"
In reply to: teo@gecadsoftware.com: "Re: PHP"
Next in thread: David Wheeler: "Re: PHP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: PHP
... >> One can use a MVC model, and have only one entry in the site to do the ... That entry can do proper checkings and all. ... > It seems to me like it would be extremely simple to create an auto prepend ...
(SecProg)
Re: Unchecked_Conversion and task pointer.
... you should definitely use an interface. ... > could be then implemented by an entry. ... > beginning if the intent is to have a dispatching entry Who_Am_I called ... no one can figure out how a dispatching requeue could work - it couldn't ...
(comp.lang.ada)