Re: [PHP] Re: languages and PHP



Edward Vermillion wrote:

> On Sep 28, 2007, at 1:05 PM, Per Jessen wrote:
>
>> Ed, your question was a good one, but so was my answer. In my case,
>> I don't cater to an open community, but to a closed one. If you're
>> not authenticated, you're not getting anywhere to start with. If you
>> somehow manage to bypass that, and attempt to submit data I don't
>> expect, my priority is the survival of my application, nothing else.
>
> But that was my point. Your way, your app may disintegrate at some
> uncontrolled point.

As long as it is only the app, it's not a real problem. If it affects
apache, it's a different issue. If the app throws a couple of
unexpected exceptions or something, no big deal.

> At least if you're checking/validating your input then
> you can take control of the situation and ensure the "survival of your
> application". Otherwise who knows where it will break and what it will
> mean when it does.

I agree, but to check for unwanted character sets and do conversions and
what have you, is way overkill IMHO.

> And just because the community is closed, don't drop your guard on
> basic security practices. You don't control what comes into your site,
> you can only react to it.

I agree - like I said, authentication is required.


/Per