[Phpwm] Function to calculate a formula

Phil Beynon phil at infolinkelectronics.co.uk
Tue Dec 4 14:56:48 GMT 2007


> As we are all justifiably paranoid about users pumping malicious input
> into eval() wouldn't it be best/safest to calculate these relatively
> simple sums using JavaScript instead?
>
> Pete

On a lot of little sites it probably doesn't matter a fig, but if that site
grows organically to a larger site it could have exploitable holes all over
it. So a lot of the design side is about getting a mindset that covers
possibilities for abuse and using good programming techniques that
minimise the holes.
Some people do have JavaScript turned off, so that wouldn't allow a fallback
easily.

This is one of the reasons I don't really like using huge chunks of other
people's code and frameworks, since you can build in identifiable
vulnerabilities.
For the best security the best approach is using a FORTH-type programming
technique where the entire sitewide code block is a function built of
functions; that way, as soon as a vulnerability becomes known it can be
overcome via altering only one function.

Phil
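
An added example, not part of the original thread: one way to calculate simple sums server-side without eval(), so it still works when JavaScript is turned off and the input handling sits in a single function. It assumes PHP 8 or later; `safe_calc()`, `parse_level()` and `parse_factor()` are hypothetical names.

```php
<?php
// Added example (PHP 8+); safe_calc(), parse_level(), parse_factor() are hypothetical names.
function safe_calc(string $expr): float
{
    // Tokenise from the start (\G): numbers, + - * / and parentheses only.
    preg_match_all('/\G\s*(\d+(?:\.\d+)?|[-+*\/()])/', $expr, $m);
    if (strlen($expr) > 200 || implode('', $m[0]) !== rtrim($expr)) {
        throw new InvalidArgumentException('illegal character or input too long');
    }
    $pos = 0;
    $value = parse_level($m[1], $pos);
    if ($pos !== count($m[1])) {
        throw new InvalidArgumentException('unexpected token');
    }
    return $value;
}
// Level 0 handles + and -, level 1 handles * and /, so * and / bind tighter.
function parse_level(array $t, int &$pos, int $level = 0): float
{
    $v = $level ? parse_factor($t, $pos) : parse_level($t, $pos, 1);
    while (in_array($t[$pos] ?? '', $level ? ['*', '/'] : ['+', '-'], true)) {
        $op = $t[$pos++];
        $rhs = $level ? parse_factor($t, $pos) : parse_level($t, $pos, 1);
        if ($op === '/' && $rhs == 0.0) {
            throw new InvalidArgumentException('division by zero');
        }
        $v = match ($op) { '+' => $v + $rhs, '-' => $v - $rhs, '*' => $v * $rhs, '/' => $v / $rhs };
    }
    return $v;
}
// factor := number | '-' factor | '(' expression ')'
function parse_factor(array $t, int &$pos): float
{
    $tok = $t[$pos++] ?? '';
    if ($tok === '-') {
        return -parse_factor($t, $pos);
    }
    if ($tok === '(') {
        $v = parse_level($t, $pos);
        if (($t[$pos++] ?? '') !== ')') {
            throw new InvalidArgumentException('missing closing parenthesis');
        }
        return $v;
    }
    if (!is_numeric($tok)) {
        throw new InvalidArgumentException('expected a number');
    }
    return (float) $tok;
}
```

Calling `safe_calc('2 * (3 + 4) - 10 / 4')` evaluates the arithmetic, while a constructed input such as `'1; phpinfo()'` raises `InvalidArgumentException` at the tokenising step, before anything is evaluated.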