Re: Another sanitize Question

2010-01-04 Thread euromark
why would you even bother trying to find that out?

as long as you use h() you don't need to worry about those users,
they can't do anything.

if you still want to find that out you would need to check the post
data, match them against "known" hazard strings,
but this is time-consuming and very hard to check on anyway.

so if I were you I'd drop this idea.


On 4 Jan., 19:16, "Dave" wrote:
> I have asked various questions about data sanitization and I came across
> teknoid's blog post about the same subject
>
> read it here: http://teknoid.wordpress.com/2009/08/06/save-now-sanitize-later/
>
> I did get the same answer from fellow bakers "no need to sanitize, use h()
> and see users trying to do stuff they should not be doing".
>
> My only question is how do you track users who are attempting to add scripts
> or whatnot? If you have a site with say 2000 users making changes every day,
> how do you possibly monitor each edit? How do you find these users other
> than going through everything daily / hourly? Just wondering how you would find
> such a user easily in an endless list of possible users?
>
> Thanks,
>
> Dave

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
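Added example, not from the thread or from CakePHP itself: the "match the post data against known hazard strings" approach euromark describes, written as plain PHP so it runs stand-alone. It only flags and logs submissions for later review (which is what Dave asked for); it does not block or alter anything, since escaping in the view with h() is still what actually protects the site. The pattern list, the findSuspiciousFields()/suspiciousLogLine() names, the sample submission and the user id / IP are all constructed for the example; the CakePHP call sites mentioned in the comments are where I would hook it, not code from the framework.

```php
<?php
// Added example: flag POST data that looks like a script-injection attempt
// so the submitting user can be reviewed later. Assumes PHP 7.1+.
// Nothing here replaces output escaping; it only answers
// "how do I find such a user among 2000?".

// Deliberately narrow patterns that rarely occur in ordinary text. A false
// positive costs one manual review; a miss costs nothing because the view
// escapes everything anyway. (Constructed list, not CakePHP's.)
const SUSPICIOUS_PATTERNS = [
    'script_tag'    => '/<\s*script\b/i',
    'iframe_tag'    => '/<\s*iframe\b/i',
    'event_handler' => '/\bon(load|error|click|mouseover)\s*=/i',
    'js_url'        => '/javascript\s*:/i',
];

/**
 * Walk a (possibly nested) POST array such as $this->data and return the
 * fields whose values match any pattern, keyed by dotted path,
 * e.g. ['Post.body' => 'script_tag'].
 */
function findSuspiciousFields(array $data, string $prefix = ''): array
{
    $hits = [];
    foreach ($data as $key => $value) {
        $path = $prefix === '' ? (string)$key : $prefix . '.' . $key;
        if (is_array($value)) {
            $hits += findSuspiciousFields($value, $path); // paths are unique, no clobbering
            continue;
        }
        foreach (SUSPICIOUS_PATTERNS as $name => $regex) {
            if (preg_match($regex, (string)$value) === 1) {
                $hits[$path] = $name;
                break; // one label per field is enough for a reviewer
            }
        }
    }
    return $hits;
}

/**
 * Build one log line per flagged submission, or null if nothing matched.
 * In a CakePHP app this would run in a controller action or beforeSave()
 * and be written to its own log (e.g. via CakeLog::write()); returning the
 * line keeps the example framework-free.
 */
function suspiciousLogLine(int $userId, string $ip, array $hits): ?string
{
    if ($hits === []) {
        return null;
    }
    $fields = [];
    foreach ($hits as $path => $label) {
        $fields[] = $path . '=' . $label;
    }
    return sprintf('%s user=%d ip=%s fields=%s',
        date('c'), $userId, $ip, implode(',', $fields));
}

// Constructed sample submission: the title is harmless markup, the body
// contains a classic script tag. User id and IP are made up.
$post = [
    'Post' => [
        'title' => 'My 2 cents on <b>tags</b>',
        'body'  => 'Nice article <script>alert(1)</script>',
    ],
];
$hits = findSuspiciousFields($post);
echo suspiciousLogLine(42, '192.0.2.10', $hits), PHP_EOL;
// e.g. 2010-01-04T19:30:00+00:00 user=42 ip=192.0.2.10 fields=Post.body=script_tag
```

Reviewing one short log of flagged submissions is the realistic alternative to reading every edit; a user who shows up there repeatedly is the one worth a closer look. The patterns will never be complete, which is exactly why they are a review aid and not a filter.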


Another sanitize Question

2010-01-04 Thread Dave
I have asked various questions about data sanitization and I came across
teknoid's blog post about the same subject
 
read it here:
http://teknoid.wordpress.com/2009/08/06/save-now-sanitize-later/
 
I did get the same answer from fellow bakers "no need to sanitize, use h()
and see users trying to do stuff they should not be doing".
 
My only question is how do you track users who are attempting to add scripts
or whatnot? If you have a site with say 2000 users making changes every day,
how do you possibly monitor each edit? How do you find these users other
than going through everything daily / hourly? Just wondering how you would find
such a user easily in an endless list of possible users?
 
Thanks,
 
Dave



Re: Sanitize Question

2008-12-19 Thread teknoid

Doesn't seem like it would be necessary...
The only data that's "dangerous" for your DB is any sort of SQL
exploit, which you are already protected from by the core.
(i.e. the values are escaped before insertion or selection from DB).

On the other hand, you do need to make your data safe in the view...
so that one cannot add malicious javascript as part of the comments,
for example.
cake has a handy function h(), which you can use like:
echo h($someData);
... which will escape HTML chars and prevent script injection, etc.

On Dec 19, 3:44 pm, Tim wrote:
> I want to sanitize the post before working with it or saving it to the
> database.
>
> Like this:
> <?php
> App::import('Sanitize');
> $this->data['Upload'] = Sanitize::clean($this->data['Upload']);
> ?>
>
> I have two questions:
> 1) Is this even necessary? Is this going to do anything for me or is
> it already being done?
> 2) After I change "<>$%$" to this "<>$%$" with the
> sanitizer; how do I get it back to "<>$%$" in the view? Is there a
> helper for this?
>
> Any help is appreciated. There are a few other unanswered posts about
> this...
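Added example, not from the thread or from CakePHP: what "make your data safe in the view" looks like in plain PHP, next to the escape-on-input round trip Tim asks about in his second question. hView() is a stand-in for CakePHP's h() (which wraps htmlspecialchars()), renderComment() and escapeOnInputRoundTrip() are names chosen for the example, and the comment text is constructed. Assumes PHP 7.1+.

```php
<?php
// Added example: store raw, escape at output time. hView() stands in for
// CakePHP's h(); it is not the framework's code.

/** Stand-in for h(): make arbitrary text inert when placed in HTML. */
function hView(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

/** The safe path: the raw value from the DB is escaped once, in the view. */
function renderComment(string $rawFromDb): string
{
    return '<p class="comment">' . hView($rawFromDb) . '</p>';
}

/**
 * The round trip from Tim's question 2: escape before saving, then decode
 * in the view "to get it back". Returns [stored, decoded] so the two can be
 * compared; decoded is the original submitted string again, so the view
 * would still have to escape it. Sanitizing on input buys nothing here.
 */
function escapeOnInputRoundTrip(string $submitted): array
{
    $stored  = htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');  // at save time
    $decoded = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');  // in the view
    return [$stored, $decoded];
}

// Constructed sample: legitimate special characters that must survive,
// plus a script tag that must come out inert.
$comment = 'Tom & Jerry say "hi" <script>alert(1)</script>';

echo renderComment($comment), PHP_EOL;
// <p class="comment">Tom &amp; Jerry say &quot;hi&quot; &lt;script&gt;alert(1)&lt;/script&gt;</p>

[$stored, $decoded] = escapeOnInputRoundTrip($comment);
var_dump($decoded === $comment); // bool(true): decoding undoes the input-side escaping
```

The browser shows the escaped output as the literal text the user typed, ampersand and quotes included, and nothing executes. Escaping at save time and decoding in the view ends with the same raw string the view had to escape anyway, which is why "save now, sanitize later" is the simpler rule: one escape, at the one place the data meets HTML. Anything destined for a different context (a JavaScript string, a URL, an attribute) needs that context's own escaping rather than h().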



Sanitize Question

2008-12-19 Thread Tim

I want to sanitize the post before working with it or saving it to the
database.

Like this:
<?php
App::import('Sanitize');
$this->data['Upload'] = Sanitize::clean($this->data['Upload']);
?>

I have two questions:
1) Is this even necessary? Is this going to do anything for me or is
it already being done?
2) After I change "<>$%$" to this "<>$%$" with the
sanitizer; how do I get it back to "<>$%$" in the view? Is there a
helper for this?

Any help is appreciated. There are a few other unanswered posts about
this...