[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Fri Sep 5 15:44:40 MDT 2008


Just a habit, if you are to check for content in authentication fields,
and characters outside [A-Z][a-z][0-9]

ggt667

2008/9/5 Joel Shapiro <jsfmp at earthlink.net>:
> Do you mean setting the index language to unicode within FMP field
> definitions?
>
> I realize that that can help with Case-Sensitivity, but how could it help
> with email addresses?  (since the =="xx" seems to allow for appropriate use
> of @ symbols)?
>
> -Joel
>
>
> On Sep 5, 2008, at 12:43 PM, Gjermund Gusland Thorsen wrote:
>
>> And using unicode for language for the password field as well as
>> unicode for the username; if it's an email, also helps.
>>
>> ggt
>>
>> 2008/9/5 Troy Meyers <tcmeyers at troymeyers.com>:
>>>
>>> Joel,
>>>
>>> Thanks for the acknowledgment. Yes, testing with the two characters "* is
>>> a shocker!
>>>
>>> -Troy
>>>
>>>
>>>> Whoa, thanks Troy!
>>>>
>>>> I know this list has bandied about on using double-equal '==' and
>>>> quotes, a la:
>>>>
>>>>  '=="'.$_POST['user_name'].'"'
>>>>
>>>> as safe for logins, but read Troy's last line (below).  Then try
>>>> entering a valid username and then "* (double-quote asterisk) as the
>>>> password on a site where you've used that structure!
>>>>
>>>> It seems using preg_replace() at LEAST to strip double-quotes is
>>>> really necessary after all!
>>>>
>>>> Thanks Troy,
>>>>
>>>> -Joel
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>
>
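
The checks suggested in this thread (require content in both authentication fields, allow only A-Z, a-z and 0-9), sketched next to the quoted `'=="'.$_POST['user_name'].'"'` pattern. This is an added example, not code from the list posters or from FX.php; the function names, the `password` field name and the 64-character cap are assumptions, and no FX.php calls are made.

```php
<?php
// Added example; function names are hypothetical.

// Pattern quoted in the thread: the posted value is concatenated straight
// into the exact-match criterion, so a double-quote in the input changes
// the criterion that FileMaker receives.
function unsafe_criterion(string $input): string
{
    return '=="' . $input . '"';
}

// Hardened form: reject instead of stripping. Non-strings (e.g. password[]=x),
// empty values, over-long values and anything outside A-Z a-z 0-9 never
// reach the find request.
function safe_criterion($input, int $maxLen = 64): ?string
{
    if (!is_string($input) || $input === '' || strlen($input) > $maxLen) {
        return null;
    }
    if (preg_match('/\A[A-Za-z0-9]+\z/', $input) !== 1) {
        return null;
    }
    return '=="' . $input . '"';
}

// Returns [userCriterion, passwordCriterion], or null if either field fails.
function login_criteria(array $post): ?array
{
    $user = safe_criterion($post['user_name'] ?? null);
    $pass = safe_criterion($post['password'] ?? null);
    return ($user === null || $pass === null) ? null : [$user, $pass];
}

// Constructed sample submissions, including the "* value from the thread.
$samples = [
    ['user_name' => 'jsmith', 'password' => 'Secret123'],
    ['user_name' => 'jsmith', 'password' => '"*'],
    ['user_name' => 'jsmith', 'password' => ''],
    ['user_name' => 'jsmith', 'password' => ['x']],
];
foreach ($samples as $post) {
    $pw = $post['password'];
    $criteria = login_criteria($post);
    echo var_export($pw, true), "\n";
    echo '  unsafe: ', is_string($pw) ? unsafe_criterion($pw) : '(not a string)', "\n";
    echo '  safe:   ', $criteria === null ? 'rejected' : implode(' / ', $criteria), "\n";
}
```

A login page that calls `login_criteria()` should fail the login when it returns null and skip the find entirely. The alphanumeric allowlist does not accept email-address usernames, so those would need their own pattern that still excludes the double-quote.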

