Re: FN-FORUM: PHP PostData security
date posted 29th May 2007 18:29
> Sorry Anthony, on both points you have failed to understand the outcome
> of this long thread - particularly on the second point. Feedback on this
> subject has been based on a lot of failure to understand.
It was actually the start of the thread that I failed to understand :)
> Disconnecting logic and methods from the client/business/data tier is
> just that - whole disconnection. Nothing of security flaws can get
> through.
Well, I suppose if you completely separate everything, but then getting
user-supplied data into the system isn't going to be very easy ;)
> I repeated what I meant about $_SESSION variables but there is still a
> failure ad nauseam to pick up that I do not, and would never, advocate
> dumping request variables into a session variable.
Good, I thought you were, for a moment, based on the first few posts. That
was what I was worried about.
> I couldn't resist having a look at some of the websites produced by
> critics
One of the joys of the web :) Although well-written (X)HTML doesn't
necessarily mean secure code (or vice versa).
Cheers!
Anthony
--
www.fonant.com - Quality web sites