Re: [symfony-users] Making Symfony Web Site Secure
Thanks for the reply.

I am using the CSRF plugin and enabled it in filters.yml. Now every time I click on any link in my web site, I get the error CSRF attack detected. How do I prevent that?

Thanks
Deepak

On Sat, Dec 12, 2009 at 4:20 AM, Alexandre Salomé <alexandre.sal...@gmail.com> wrote:

> An error I've recently discovered: bad credential definition.
>
> Define some functional tests to check credentials, create a paranoid definition... there are different techniques to prevent security backdoors.
>
> 2009/12/11 Augusto Flavio
>
>> Hi,
>>
>> Yes, there are other kinds of attacks, like SQL injection (but symfony prevents it). Another thing that you need to pay attention to is command injection (exec, system, passthru). A good way to prevent this problem is to escape the shell output.
>>
>> I believe that with the XSS and CSRF, in most cases, your site will be secure. It will depend on what kind of service your application provides.
>>
>> bye.
>>
>> Augusto Morais
>
> --
> Alexandre Salomé
> http://alexandre-salome.fr

-- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com.
To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Making Symfony Web Site Secure
An error I've recently discovered: bad credential definition.

Define some functional tests to check credentials, create a paranoid definition... there are different techniques to prevent security backdoors.

2009/12/11 Augusto Flavio

> Hi,
>
> Yes, there are other kinds of attacks, like SQL injection (but symfony prevents it). Another thing that you need to pay attention to is command injection (exec, system, passthru). A good way to prevent this problem is to escape the shell output.
>
> I believe that with the XSS and CSRF, in most cases, your site will be secure. It will depend on what kind of service your application provides.
>
> bye.
>
> Augusto Morais

--
Alexandre Salomé
http://alexandre-salome.fr
Re: [symfony-users] Making Symfony Web Site Secure
Hi,

Yes, there are other kinds of attacks, like SQL injection (but symfony prevents it). Another thing that you need to pay attention to is command injection (exec, system, passthru). A good way to prevent this problem is to escape the shell output.

I believe that with the XSS and CSRF, in most cases, your site will be secure. It will depend on what kind of service your application provides.

bye.

Augusto Morais
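
The command-injection risk with exec(), system() and passthru() raised in the thread, as an added example that is not part of any poster's message: it contrasts a concatenated command line with one built from an allowlisted argument quoted with escapeshellarg(). The function names, the use of the `host` utility and the sample inputs are assumptions constructed for illustration; the script only builds and prints command strings, it does not execute them.

```php
<?php
// Added illustration, not code from the thread. Function names and the
// choice of the `host` utility are assumptions made for this example.

// Vulnerable pattern: request data concatenated into a shell command line
// that would then be handed to exec(), system() or passthru().
function unsafeCommand(string $name): string
{
    return 'host ' . $name;   // shell metacharacters in $name are interpreted
}

// Hardened pattern: strict allowlist first, then quote the argument.
function safeCommand(string $name): string
{
    // Letters, digits, dots and hyphens only; the first character must be a
    // letter or digit so the value can never be read as an option ("-x").
    if (!preg_match('/\A[a-z0-9][a-z0-9.-]{0,252}\z/i', $name)) {
        throw new InvalidArgumentException('rejected host name');
    }
    // escapeshellarg() quotes the value so the shell treats it as one
    // literal argument instead of parsing it.
    return 'host ' . escapeshellarg($name);
}

// Constructed sample inputs (not taken from any real request).
$samples = ['example.com', 'example.com; id', '-t example.com', '$(id)'];

foreach ($samples as $input) {
    echo 'input:  ', $input, PHP_EOL;
    echo 'unsafe: ', unsafeCommand($input), PHP_EOL;
    try {
        echo 'safe:   ', safeCommand($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   ', $e->getMessage(), PHP_EOL;
    }
    // Quoting alone keeps the value inside a single argument, but it does
    // not stop a leading "-" from being read as an option by the program,
    // which is why the allowlist check comes first.
    echo 'quoted: host ', escapeshellarg($input), PHP_EOL, PHP_EOL;
}
```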