Hi All,

Just sort of throwing this out there for ideas. I've been mulling over the idea of creating a method for global input sanitisation (not validation), ensuring that if the URL and Form variables contain what looks like malicious input, the request is brought to a halt before anything else executes.

The idea is that on any form submission:

- Referer is checked to avoid cross site scripting
- Variable values are checked for SQL and HTTP Header codes to avoid injection and response splitting

I'm going to include a 'whitelist' for either pages or form fieldnames exempt from this check, as well as for valid referers.

What else should I be checking? Am I missing some potential problems with this idea? Will the execution time be too costly?

All thoughts welcome,

cheers
B.
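A sketch of the gate described in the post above, written in Python as an added example; it is not part of the original message. Every name, pattern and sample value is an assumption made for illustration: `url_vars` and `form_vars` stand in for the URL and Form variables, and the three sets are the whitelists the post mentions.

```python
import re
from urllib.parse import urlsplit

# Assumed whitelists (constructed values, not from the post).
ALLOWED_REFERER_HOSTS = {"www.example.com"}  # valid referers
EXEMPT_PAGES = {"/admin/editor"}             # pages skipped entirely
EXEMPT_FIELDS = {"body_html"}                # field names skipped

# Raw or percent-encoded CR/LF, the building block of response splitting.
CRLF = re.compile(r"[\r\n]|%0[ad]", re.IGNORECASE)
# Coarse SQL tripwires: stacked statement, UNION SELECT,
# comment right after a quote, quoted tautology.
SQLISH = re.compile(
    r";\s*(drop|delete|insert|update|exec)\b"
    r"|\bunion\b\s+(all\s+)?select\b"
    r"|'\s*(--|#|/\*)"
    r"|'\s*or\s+'?\w+'?\s*=\s*'?\w+",
    re.IGNORECASE,
)

def check_request(method, path, referer, url_vars, form_vars):
    """Return the reasons to halt the request; an empty list means continue."""
    if path in EXEMPT_PAGES:
        return []
    reasons = []
    if method.upper() == "POST":  # form submission: referer must be whitelisted
        host = urlsplit(referer or "").hostname
        if host not in ALLOWED_REFERER_HOSTS:
            reasons.append(f"referer host not allowed: {host!r}")
    for scope, variables in (("url", url_vars), ("form", form_vars)):
        for name, value in variables.items():
            if name in EXEMPT_FIELDS:
                continue
            if CRLF.search(value):
                reasons.append(f"{scope}.{name}: CR/LF in value")
            if SQLISH.search(value):
                reasons.append(f"{scope}.{name}: SQL-like pattern")
    return reasons

if __name__ == "__main__":
    # Constructed request: foreign referer plus a quoted tautology in a form field.
    print(check_request("POST", "/contact", "https://other.example.net/",
                        {"id": "42"}, {"q": "' OR '1'='1"}))
```

Ordinary text such as `Busy today; update me tomorrow` also trips the SQL pattern, which is the case the field whitelist has to absorb. Parameterised queries and output encoding remain the primary controls behind a screen like this.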
