Re: [symfony-users] Making Symfony Web Site Secure

2009-12-11 Thread DEEPAK BHATIA
Thanks for the reply.

I am using the CSRF plugin and have enabled it in filters.yml.

Now every time I click on any link in my web site, I get the error CSRF
attack detected.

How do I prevent that?

Thanks

Deepak

On Sat, Dec 12, 2009 at 4:20 AM, Alexandre Salomé <
alexandre.sal...@gmail.com> wrote:

> An error I've recently discovered: bad credential definition.
>
> Define some functional tests to check credentials, create paranoid
> definitions... there are different techniques to prevent security backdoors.
>
> 2009/12/11 Augusto Flavio 
>
>> Hi,
>>
>>
>> Yes, there are other kinds of attacks, like SQL injection (but
>> symfony prevents it). Another thing that you need to pay attention to is
>> command injection (exec, system, passthru). A good way to prevent this
>> problem is to escape the shell output.
>>
>>
>> I believe that with XSS and CSRF, in most cases, your site will
>> be secure. It will depend on what kind of service your application
>> provides.
>>
>>
>>
>> bye.
>>
>>
>>
>> Augusto Morais
>>
>> --
>>
>> You received this message because you are subscribed to the Google Groups
>> "symfony users" group.
>> To post to this group, send email to symfony-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> symfony-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/symfony-users?hl=en.
>>
>>
>>
>
>
> --
> Alexandre Salomé
> http://alexandre-salome.fr
>





Re: [symfony-users] Making Symfony Web Site Secure

2009-12-11 Thread Alexandre Salomé
An error I've recently discovered: bad credential definition.

Define some functional tests to check credentials, create paranoid
definitions... there are different techniques to prevent security backdoors.

2009/12/11 Augusto Flavio 

> Hi,
>
>
> Yes, there are other kinds of attacks, like SQL injection (but
> symfony prevents it). Another thing that you need to pay attention to is
> command injection (exec, system, passthru). A good way to prevent this
> problem is to escape the shell output.
>
>
> I believe that with XSS and CSRF, in most cases, your site will
> be secure. It will depend on what kind of service your application
> provides.
>
>
>
> bye.
>
>
>
> Augusto Morais
>
>
>


-- 
Alexandre Salomé
http://alexandre-salome.fr





Re: [symfony-users] Making Symfony Web Site Secure

2009-12-11 Thread Augusto Flavio
Hi,


Yes, there are other kinds of attacks, like SQL injection (but
symfony prevents it). Another thing that you need to pay attention to is
command injection (exec, system, passthru). A good way to prevent this
problem is to escape the shell output.


I believe that with XSS and CSRF, in most cases, your site will
be secure. It will depend on what kind of service your application
provides.



bye.



Augusto Morais
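
The command-injection point in the message above, as an added example that is not part of the original thread or of symfony: it allowlists a user-supplied file name and quotes it with PHP's escapeshellarg() before it reaches exec(). It assumes PHP 7+ on a POSIX shell; countLines() is a hypothetical helper and the sample inputs are constructed.

```php
<?php
// Added illustration (assumes PHP 7+ on a POSIX shell); countLines() is a
// hypothetical helper, not part of symfony.

/** Count the lines of a file under $dir by calling wc through exec(). */
function countLines(string $dir, string $name): int
{
    // 1. Allowlist the value before it gets anywhere near a shell.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,63}\z/', $name)) {
        throw new InvalidArgumentException('rejected file name');
    }
    // 2. Quote the argument; "--" tells wc that no options follow it.
    $cmd = 'wc -l -- ' . escapeshellarg($dir . '/' . $name);
    exec($cmd, $out, $status);
    if ($status !== 0) {
        throw new RuntimeException('wc failed');
    }
    return (int) $out[0];
}

// Constructed sample inputs: one normal name and three hostile ones.
$dir = sys_get_temp_dir();
file_put_contents($dir . '/report.txt', "a\nb\nc\n");

foreach (['report.txt', 'report.txt; id', '$(id)', '-f'] as $name) {
    // What naive concatenation would hand to /bin/sh, next to the quoted form.
    printf("naive : wc -l %s\nquoted: wc -l -- %s\n", $name, escapeshellarg($name));
    try {
        printf("lines : %d\n\n", countLines($dir, $name));
    } catch (InvalidArgumentException $e) {
        printf("lines : %s\n\n", $e->getMessage());
    }
}
```

Quoting alone does not stop a value beginning with `-` from being read as an option by the called program, which is why the helper also validates the name and passes `--`.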
