Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-07 Thread Matthew Weier O'Phinney
-- iceangel89 wrote (on Saturday, 06 June 2009, 08:51 PM -0700):
> Matthew Weier O'Phinney-3 wrote:
> > (In 2.0, we will make escaping the default within Zend_View, and require
> > you to explicitly ask for raw data if you don't want escaping.)
>
> that will be much better!
>
> hmm sometimes if

Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-07 Thread till
On Sun, Jun 7, 2009 at 11:12 AM, iceangel89 wrote:
>
> oh Matthew Weier O'Phinney mentioned that ... i meant when escaping for SQL
> this time.

Read this first: http://framework.zend.com/manual/en/zend.db.html#zend.db.adapter.quoting

Then take a look at this example: http://framework.zend.com/man

Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-07 Thread iceangel89
Oh, Matthew Weier O'Phinney mentioned that ... I meant when escaping for SQL this time.

vince. wrote:
>
> You could use
> $this->view->escape
>
--
View this message in context: http://www.nabble.com/Security---Preventing-SQL-Injections%2C-XSS-etc-tp23900449p23909053.html
Sent from the Zend

Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-06 Thread Vadim Gabriel
You could use
$this->view->escape

On Sun, Jun 7, 2009 at 6:51 AM, iceangel89 wrote:
>
>
> Matthew Weier O'Phinney-3 wrote:
> >
> > (In 2.0, we will make escaping the default within Zend_View, and require
> > you to explicitly ask for raw data if you don't want escaping.)
> >
>
> that will be muc

Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-06 Thread iceangel89
Matthew Weier O'Phinney-3 wrote:
>
> (In 2.0, we will make escaping the default within Zend_View, and require
> you to explicitly ask for raw data if you don't want escaping.)
>

That will be much better!

Hmm, sometimes if I have a complex query with joins to a lot of tables ... and I don't have

Re: [fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-06 Thread Matthew Weier O'Phinney
-- iceangel89 wrote (on Saturday, 06 June 2009, 03:12 AM -0700):
> What do I need to know to develop an app that is relatively safe from common
> security issues like SQL injections, XSS, etc.?
>
> Did I read somewhere that getRequest()->getParam('something') will be
> filtered by default?

[fw-general] Security - Preventing SQL Injections, XSS etc

2009-06-06 Thread iceangel89
What do I need to know to develop an app that is relatively safe from common security issues like SQL injections, XSS, etc.?

Did I read somewhere that getRequest()->getParam('something') will be filtered by default?

BTW, if something is filtered/escaped for SQL, I need to unescape it for dis
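Added example, not from the thread and not Zend Framework code: the two rules the replies above point at (Zend_Db quoting or binding for SQL, $this->view->escape for HTML) shown in stock PHP with the bundled pdo_sqlite driver, so it runs stand-alone with `php example.php` and answers the "do I need to unescape it for display" question from the original post. The comments name the Zend Framework 1.x calls that correspond; the attacker-style inputs are constructed for the demonstration. In ZF 1.x getParam() hands back the raw request value, nothing is filtered for you.

```php
<?php
// Added example (not from the thread or from Zend Framework). Stock PHP +
// pdo_sqlite; the comments name the ZF 1.x equivalents.

// Constructed sample input: what an attacker might submit as a "name" and
// a "bio". getRequest()->getParam() would hand these back unchanged.
$evilName = "x' OR '1'='1";
$evilBio  = "<script>alert(1)</script>";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');

// Rule 1 (SQL): never build the statement text from the value; bind it.
// ZF 1.x equivalents: $db->query('INSERT ... VALUES (?, ?)', array($name, $bio))
// or $db->insert('users', array('name' => $name, 'bio' => $bio)).
function insertUser(PDO $db, $name, $bio)
{
    $stmt = $db->prepare('INSERT INTO users (name, bio) VALUES (?, ?)');
    $stmt->execute(array($name, $bio));
}

// Binding means the column holds the raw bytes. Nothing was escaped on the
// way in, so there is nothing to "unescape" on the way out.
// ZF 1.x equivalent: $db->fetchRow('SELECT ... WHERE name = ?', $name)
// or $db->select()->from('users')->where('name = ?', $name).
function findUserByName(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name, bio FROM users WHERE name = ?');
    $stmt->execute(array($name));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The pattern to avoid: string concatenation. Kept here only so the
// injection is visible; the quote in $name closes the literal and the
// rest of the input becomes part of the WHERE clause.
function findUserByNameUnsafe(PDO $db, $name)
{
    $sql = "SELECT id, name, bio FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Rule 2 (HTML): escape once, at output, for the context you write into.
// Zend_View::escape() calls htmlspecialchars() by default; this is the
// same thing without the view object.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

insertUser($db, 'alice', 'likes tea');
insertUser($db, $evilName, $evilBio);

// Bound parameter: the quote is data, exactly one row matches.
$row = findUserByName($db, $evilName);
var_dump($row['bio'] === $evilBio);          // stored raw, round-trips intact

// Concatenation: the same value rewrites the query and every row comes back.
var_dump(count(findUserByNameUnsafe($db, $evilName)));

// Output: the only place escaping happens, and it is HTML escaping, not SQL.
echo '<p>' . h($row['name']) . ': ' . h($row['bio']) . "</p>\n";
```

The takeaway for the original question: keep the stored value raw (bind it into SQL), keep escaping out of the model and controller entirely, and escape in the view for the output context. Escaping for SQL with quote()/quoteInto() is only needed where a value cannot be bound, and even then it is applied to the statement text, not stored back into the row, so "unescaping for display" never comes up.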