michael.vancann...@wisa.be wrote:
>
>
> On Mon, 27 Feb 2012, ik wrote:
>
>> Hello,
>>
>> I'm thinking now to use fpweb for a web application I need to build,
>> but the application is going to be over the internet, and I'm
>> interested in knowing about a few security issues that are supported or
>> not.
>>
>> Does it have any CSRF protection ?
>> What other if any security tools does it have ?
>>
>
> None. It is an HTTP handling framework. Other than Basic Authentication on
> the web server level, HTTP does not offer security mechanisms, and
> therefore none are implemented in FPweb either.


HTTP doesn't really address security, but a web framework can provide some
security, such as SQL escaping to prevent SQL injection, along with URL
escaping to prevent URL injection through URL variables. Using SQL
prepared statements instead of regular SQL queries should help, but I've
heard that even SQL prepared statements can be injected.

CSRF protection.. that's a good question.. this guy has an interesting
article and blog comments on it:
http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html


_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
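
Because the thread establishes that fpweb ships no CSRF protection, the application has to issue and check its own tokens. The following is an added example, not code from the original posts or from fpweb, showing the framework-independent logic in Python; the function names, key handling and lifetime value are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: one secret per deployment, kept server-side only.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 3600  # seconds a token stays valid (constructed value)


def _mac(session_id: str, ts: str) -> str:
    # Binding the MAC to the session id means a token minted for one
    # user's session is useless in another user's browser.
    msg = f"{session_id}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[int] = None) -> str:
    """Token to embed as a hidden field in every state-changing form."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, ts)}"


def verify_token(session_id: str, token: Optional[str],
                 now: Optional[int] = None) -> bool:
    """Accept only an unexpired token issued for this exact session."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    current = int(time.time() if now is None else now)
    if not 0 <= current - issued <= TOKEN_TTL:
        return False  # expired or dated in the future
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode())


def handle_post(session_id: str, form: dict) -> int:
    """Hypothetical handler: reject state changes lacking a valid token."""
    if not verify_token(session_id, form.get("csrf_token")):
        return 403
    return 200
```
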
