Konstantin Rozinov wrote:
> Hey guys,
> I have a question about logging messages.
> Is it safe to log unsanitized, unvalidated user-inputted data into a logfile?

It all depends on how paranoid you are.
Strange text can be toxic to any of the software that processes your
logfiles. For instance, there are some character sequences that can
cause some terminal programs to capture some characters from the screen
and send them back to the command line. Any software that looks at your
log files can potentially have buffer overflows that could be triggered
by them.
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
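
One way to neutralize the terminal-sequence problem raised in the reply, shown as an added example that is not part of the original thread: make every control character visible before the value reaches the logfile, and bound the field length for the sake of fragile log readers. The function names, the 512-character cap and the sample input are assumptions made for this illustration.

```python
import unicodedata

MAX_FIELD_LEN = 512  # assumed cap; choose one your log consumers can handle


def _render(ch: str) -> str:
    """Return ch unchanged if printable, otherwise a visible escape."""
    cp = ord(ch)
    if ch == "\\":
        return "\\\\"  # double the backslash so escapes stay unambiguous
    cat = unicodedata.category(ch)
    # C* covers C0/C1 controls (ESC, CR, LF, 0x9b CSI), format characters
    # such as bidi overrides, surrogates and unassigned code points.
    # Zl/Zp are the Unicode line and paragraph separators.
    if cat.startswith("C") or cat in ("Zl", "Zp"):
        if cp < 0x100:
            return f"\\x{cp:02x}"
        if cp < 0x10000:
            return f"\\u{cp:04x}"
        return f"\\U{cp:08x}"
    return ch


def escape_for_log(value: str, max_len: int = MAX_FIELD_LEN) -> str:
    """Escape user-supplied text for a logfile.

    The result contains no raw control characters, so a terminal or pager
    showing the log sees only printable text. The escaped output is capped
    at max_len characters plus a fixed "[truncated]" marker.
    """
    out, used = [], 0
    for ch in value:
        piece = _render(ch)
        if used + len(piece) > max_len:
            out.append("[truncated]")
            break
        out.append(piece)
        used += len(piece)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: a user name carrying a clear-screen sequence.
    user_input = "guest\x1b[2J\r\nsecond line"
    print("login failed for user=" + escape_for_log(user_input))
```

Escaping rather than deleting keeps the original bytes recoverable for later analysis while nothing in the stored line can be interpreted by a terminal.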