Instead of re-inventing the wheel, I suggest taking a look at some of
the code written by others. This is a common problem to any web developer.
One example would be CakePHP's Sanitize class:
http://api.cakephp.org/1.2/sanitize_8php-source.html
Chris Shiflett's blog has a lot of resources on PHP security:
http://shiflett.org/
- Brian
[email protected] wrote:
Hello and Greetings,
I have just been reviewing a script that says it's a PHP firewall. It
is using an array with 250 elements that are all basically subsets of
code and injections that hackers use to break into sites. I could
easily take this array and create a preg_match test but was wondering
at what point pattern matching gets unmanageable or impractical. This
script looks a lot like .htaccess using mod rewrite to block bad guys.
I would appreciate some feedback on this. What is the rest of the
world using to block or intercept bad guy injection attacks?
--
realm3 web applications [realm3.com]
Information architecture, application development.
phone: (917) 512-3594
fax: (440) 744-3559
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
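
Added example, not part of the thread or of any project mentioned in it: a miniature substring blacklist of the kind the question describes, run beside context-specific handling (a bound PDO parameter for SQL, htmlspecialchars for HTML output). The pattern list, table, helper names and inputs are constructed for illustration, and the script assumes PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
// Constructed six-entry stand-in for the 250-element array described in the question.
$blacklist = ['union', 'select', 'drop', '<script', '--', "'"];

// Blacklist approach: reject any input containing a known-bad substring.
function blocked_by_blacklist(string $input, array $blacklist): bool
{
    $alternation = implode('|', array_map(fn($p) => preg_quote($p, '/'), $blacklist));
    return preg_match('/' . $alternation . '/i', $input) === 1;
}

// Context-specific approach for SQL: the value is bound, never spliced into the query text.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Context-specific approach for HTML: escape at the point of output.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory database with constructed rows, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('Tim O''Reilly'), ('alice')");

$inputs = [
    "Tim O'Reilly",              // legitimate name containing an apostrophe
    'Please select a union rep', // legitimate sentence containing SQL keywords
    "alice' OR '1'='1",          // textbook injection string
];

foreach ($inputs as $input) {
    printf(
        "%-28s blacklist=%-5s rows=%d html=%s\n",
        $input,
        blocked_by_blacklist($input, $blacklist) ? 'BLOCK' : 'allow',
        count(find_user($db, $input)),
        html($input)
    );
}
```

The blacklist rejects both legitimate inputs along with the injection string, while the bound parameter treats all three as plain data and the query only ever matches a stored name exactly.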