[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Sat Sep 6 01:04:26 MDT 2008


It is simple to avoid "FileMaker XML RPC injections": you make sure
WPE and web server are on 2 different machines, and you block access to
WPE from the outside world, but open for the web server.

ggt

2008/9/6 Dale Bengston <dbengston at tds.net>:
> Yes. Besides the malicious use of "sql injections" and such, people copy
> text from Word files, emails, and just about everywhere else and paste it in
> your input fields. (This is a good thing - people shouldn't have to
> re-type.) If they have curly quotes, or other high-ascii stuff, and their
> document uses different encoding than your site, weird things can result.
> Better to catch it and wash the data before it hits your tables.
>
> Dale
>
> On Sep 5, 2008, at 2:21 PM, Joel Shapiro wrote:
>
>> As to my question "Do people here do that on *all* submittable
>> fields?...", the "that" I'd meant was filtering the fields in PHP before
>> submission to FM, e.g. using  htmlentities(), strip_tags(), etc.  Do people
>> do *that* on all submittable fields?
>
>
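
The "catch it and wash the data" step discussed in the quoted messages, as an added example that is not part of the original thread and not FX.php's own code. It assumes the site and the database expect UTF-8 and that non-UTF-8 input is Windows-1252; the function name wash_field and the 255-character limit are hypothetical.

```php
<?php
// Added example: wash one submitted field before it is handed to FileMaker.
// Assumption: the site and the database expect UTF-8, and any input that is
// not valid UTF-8 is Windows-1252 (typical of text pasted from word processors).

function wash_field(string $raw, int $maxLen = 255): string
{
    // 1. Settle the encoding first, so every later step sees valid UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        $raw = mb_convert_encoding($raw, 'UTF-8', 'Windows-1252');
    }

    // 2. Fold typographic punctuation to plain ASCII equivalents.
    $raw = strtr($raw, [
        "\u{2018}" => "'", "\u{2019}" => "'",   // curly single quotes
        "\u{201C}" => '"', "\u{201D}" => '"',   // curly double quotes
        "\u{2013}" => '-', "\u{2014}" => '-',   // en and em dash
        "\u{2026}" => '...', "\u{00A0}" => ' ', // ellipsis, no-break space
    ]);

    // 3. Remove markup, then control characters (tab, LF and CR are kept).
    $raw = strip_tags($raw);
    $raw = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);

    // 4. Bound the length in characters, not bytes.
    return mb_substr(trim($raw), 0, $maxLen, 'UTF-8');
}

// Constructed sample input: Windows-1252 bytes with curly quotes, an
// accented letter, an HTML tag, a NUL byte and an ellipsis character.
$pasted = "\x93Caf\xE9\x94 <b>menu</b>\x00 \x85";
$clean  = wash_field($pasted);

// Store $clean. Escape for HTML only when the value is displayed, so the
// database holds text rather than entities.
echo $clean, "\n";
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";
```

Running every submittable field through one function like this keeps the encoding decision in a single place; HTML escaping is applied separately, at display time.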
