Actually, for preventing XSS the rule is not limited to session_register
alone; the point is that you never use an external variable containing a
file name directly, so there has to be a filter first. Example:

http://www.situsanda.com/index.php?page=profil.php (a URL like this can
lead to XSS; strongly not recommended)

it is better to change the URL to:

http://www.situsanda.com/index.php?page=profil

then in index.php build a filter, for example:

<?php
// only a known value of "page" is mapped to a file; anything else is refused
if ($_GET["page"] == "profil") {
    include "profil.php";
} else {
    echo "Sorry, the page you requested is not available";
}




- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net
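As an added example (not code from either post in this thread), here is the pattern the reply above describes, written out in full: the version that includes whatever file name arrives in the `page` parameter, next to a hardened index.php that treats the parameter only as a key into a fixed allowlist, so no request input is ever turned into a path. The allowlist contents, the `pages/` directory and the function names `vulnerable_include` and `resolve_page` are assumptions for illustration.

```php
<?php
// Added example; not from the original posts. Names and file layout are assumed.

// Vulnerable pattern: the file name comes straight from the request, so the
// caller of the URL decides which file (including ../ traversal targets) gets
// included. Kept here only to show what the hardened version replaces.
function vulnerable_include(array $get): void
{
    include $get['page'];   // never do this
}

// Hardened pattern: the request value is only a lookup key. The file names on
// the right-hand side are fixed in code and never built from user input.
const PAGES = [
    'home'   => 'home.php',
    'profil' => 'profil.php',
    'about'  => 'about.php',
];

// Returns the absolute path of the allowed page, or null if the key is unknown.
function resolve_page(array $get): ?string
{
    $key = $get['page'] ?? 'home';
    // Reject non-strings (?page[]=x) and anything not in the allowlist.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$key];
}

$file = resolve_page($_GET);
if ($file === null) {
    http_response_code(404);
    echo 'Sorry, the page you requested is not available';
} else {
    include $file;
}
```

The check is an exact-key lookup rather than a pattern match, so adding a page means adding one allowlist entry; there is no string the request can supply that becomes a path on its own.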


=========================================================
----- Original Message ----- 
From: gofur brente
To: ITCENTER@yahoogroups.com
Sent: Thursday, October 04, 2007 2:43 PM
Subject: Re: [ITCENTER] Tanya XSS??


OK, problem solved... it turned out one of the variables had not been
session_register'ed beforehand... now on to the next problem, SQL
injection... OK, thanks...




-- 
www.itcenter.or.id - Indonesian Information Technology Community