OK, thank you very much... wow, it looks like you're very skilled too... thanks for the support.. if there's another problem later I'll post a message again... thanks, keep on <? echo"PHP"; ?>.. hehehe
--- In ITCENTER@yahoogroups.com, "Acho" <[EMAIL PROTECTED]> wrote:
>
> Actually, for preventing XSS the rule of thumb isn't limited to session
> register alone; the point is that you don't directly use an outside variable
> that contains a file name, so there is a filter first. Example:
>
> http://www.situsanda.com/index.php?page=profil.php (a URL like this can
> lead to XSS. strongly not recommended)
>
> it's better to change the URL to:
>
> http://www.situsanda.com?index.php?page=profil
>
> then in the index.php page make a filter, for example:
>
> if ($_GET["page"] == "profil") { include "profil.php"; }
> else { echo "Maaf halaman yang anda tuju tidak tersedia"; }
>
> - - - - - - - - - - - - - - - - -
> Acho Learns to Write
> - - - - - - - - - - - - - - - - -
> http://muhadkly.net
>
> =========================================================
> ----- Original Message -----
> From: gofur brente
> To: ITCENTER@yahoogroups.com
> Sent: Thursday, October 04, 2007 2:43 PM
> Subject: Re: [ITCENTER] Tanya XSS??
>
> ok problem solved... it turned out there was a variable that had not been
> session_register'ed beforehand.... now what's left is the next problem, SQL
> injection... ok thank you...
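
The filter described in the quoted message, generalised to an allow-list so that `page` is only ever a lookup key and never a file name. This is an added example, not code from the thread; the page keys, the `pages/` directory and the `resolve_page()` helper are assumptions.

```php
<?php
// Added example: allow-list router for index.php?page=...
// Keys and file names are hypothetical; only files listed here can be included.
const PAGES = [
    'home'   => 'home.php',
    'profil' => 'profil.php',
    'kontak' => 'kontak.php',
];

/**
 * Map a requested page key to a file path, or return null when it is not allowed.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x turns $_GET['page'] into an array; accept strings only.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key match: the request value is never concatenated into a path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$raw  = $_GET['page'] ?? 'home';
$file = resolve_page($raw);

if ($file === null || !is_file($file)) {
    http_response_code(404);
    // Escape before echoing the request value back, so it cannot inject markup.
    $shown = is_string($raw) ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : '';
    echo 'Sorry, the page "' . $shown . '" is not available.';
    exit;
}

include $file;
```

Adding a page means adding one entry to `PAGES`; nothing in the request can widen the set of files that `include` reaches.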