>Why would one choose CodeCleaner over URLScan for scanning requests?
I would feel very jittery about giving up urlscan. Its a powerful
tool. I suppose if you pass a lot of urlencoded data via the url you
could eventually hit a snag. However I try to minimize what I expose
over a url so this may be part of why I've never experienced a
problem. As a result of the thread you mentioned I expanded my use of
CodeCleaner to scrub url strings with no ill effects.
>wouldn't URLScan include those in it's scan once the user submits the
form (even if it's
>a post submission)?
a POST-type form variable isn't passed via the url, so I would think
URLScan would miss it completely... unless there's something in
URLScan that I'm unaware of that scrubs POST (non-url) form vars?
Haven't read the docs on that in quite awhile.
>What information in the request is not scanned by URL Scan?
Anything that isn't in the url, subject to the above caveat, but I'm
pretty sure URLScan does exactly -- and only -- what its name implies.
--
--Matt Robertson--
MSB Designs, Inc.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
