http://www.cafuego.net/taxonomy/term/30 The taxonomy view with a depth of 0. en http://www.cafuego.net/2007/11/29/osdc-4 <p>Well, as it turns out Rasmus Lerdorfs filter made apache segfault, so I've disabled it again. XSS indeed!</p> <p>On a lighter note, this work of art was created last night during the OSDC dinner:<a href="http://www.youtube.com/watch?v=NfVL_4uRLSo"> http://www.youtube.com/watch?v=NfVL_4uRLSo</a> <!--break--></p> http://www.cafuego.net/2007/11/29/osdc-4#comments conference open source osdc php rasmus is evil silly Thu, 29 Nov 2007 17:07:28 +1100 cafuego 19 at http://www.cafuego.net http://www.cafuego.net/2007/11/28/osdc-3 <p>Well, as it turns out there is a ready-made fix to some of the horrid inser-input-filtering problems I - and probably any PHP coder - encounter.</p><p>This morning was the first time I saw Rasmus Lerdorf speak and, although his views on web security want me to give up coding in general and become a potato farmer more specifically, he did point out some tools to make it a lot harder for a macilious user to abuse any web app you write. </p><p>The pecl <em>filter</em> module contains ready-made data validation and input filtering functions that you can relatively easily stick on the top of any page that takes user input and impose some saniation. Additionally, you can force a default filter on <em>all</em> GPC vars.</p><p>A short but helpful tutorial is available at <a href="http://devzone.zend.com/node/view/id/1113" target="_blank">http://devzone.zend.com/node/view/id/1113</a>&nbsp;</p> http://www.cafuego.net/2007/11/28/osdc-3#comments conference open source osdc php Wed, 28 Nov 2007 12:59:27 +1100 cafuego 18 at http://www.cafuego.net http://www.cafuego.net/2007/11/27/osdc-2 Hot news right off the press: PHP6 will include Chuck Norris! http://www.cafuego.net/2007/11/27/osdc-2#comments conference open source osdc php Tue, 27 Nov 2007 13:51:49 +1100 cafuego 17 at http://www.cafuego.net