On Thu, Feb 28, 2008 at 3:14 PM, Sean <[EMAIL PROTECTED]> wrote:
> Joshua,
>
> Simply by saying that it's more secure because it's more
> standardized and better code design, doesn't make it more secure, if you
> can be hacked with request, you can be hacked by post and get too.
> Standards in this case add no more security than using tabs in your
> code versus spaces. I do agree that it's the better practice overall,
> but that doesn't mean it's more secure, just better written.
>

You need to dive into security more, then, because better written code is almost always more secure. It's easier to maintain; and problems with maintaining code are one of the biggest reasons web applications get broken into.
Let's take my overwriting the cookie example. If you're doing operations where you're cleansing the $_REQUEST code, and I can override $_REQUEST with a cookie setting and bypass your validation, where are you at now? Easily maintainable code and easily readable code is, inherently, more secure than unmaintainable code and unreadable code.

dw
--
- http://stderr.ws/
"Insert pseudo-insightful quote here." - Some Guy
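
An added example, not part of the original message: one way the cookie override described above can arise, assuming the check reads $_GET while the later use reads $_REQUEST, and assuming $_REQUEST is filled in the order GPC (cookies applied last). merge_request() and both lookup functions are hypothetical names, and the input is constructed.

```php
<?php
// Added illustration, not code from the thread. merge_request() is a
// hypothetical stand-in for how PHP fills $_REQUEST, so this runs from the CLI.
function merge_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split($order) as $letter) {
        // Sources are applied left to right; a later one overwrites an earlier key.
        $merged = array_replace($merged, $sources[$letter] ?? []);
    }
    return $merged;
}

// Fragile: the check reads $_GET, the use reads $_REQUEST.
function fragile_lookup(array $get, array $request): string
{
    if (!ctype_digit($get['user_id'] ?? '')) {
        return 'rejected';
    }
    return 'lookup user_id=' . $request['user_id'];
}

// Maintainable: one named source, and the checked value is the one used.
function strict_lookup(array $get): string
{
    $id = $get['user_id'] ?? '';
    return ctype_digit($id) ? 'lookup user_id=' . $id : 'rejected';
}

// Constructed sample input: the same parameter name arrives by two routes.
$get    = ['user_id' => '42'];
$post   = [];
$cookie = ['user_id' => 'not-a-number'];

foreach (['GPC', 'GP'] as $order) {
    $request = merge_request($get, $post, $cookie, $order);
    echo "order=$order fragile: ", fragile_lookup($get, $request), PHP_EOL;
    echo "order=$order strict:  ", strict_lookup($get), PHP_EOL;
}
```

With the order GPC the fragile version passes its check on the query string and then acts on the cookie value; with GP, or with the strict version under either order, the cookie never reaches the lookup.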
