Came across this on Twitter this morning: http://www.smashingmagazine.com/2011/01/11/keeping-web-users-safe-by-sanitizing-input-data/
Makes some good points about not relying on inputs to be safe.

Personally, I've been using PHPIDS (http://php-ids.org/) to provide some extra security in recent projects, and it seems to be working pretty well for that. Does anyone on the list have experience with that library (or doing some bulletproof security protection in general)?

The IDS project seems to do a good job of catching several types of XSS attacks, exploits and SQL injections, and can be done pretty transparently if set up right. But it's not perfect -- it seems to occasionally think one of the auto-generated cookies coming from Chrome is an attack, and it may be overkill for some projects that don't have a lot of public-facing interfaces.

_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
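As an added example (not code from the post above, and not PHPIDS' own documentation), here is the kind of wrapper that makes PHPIDS run "transparently" in front of every request while exempting one cookie that keeps tripping it. It assumes the PHPIDS 0.6/0.7-era classes (IDS_Init, IDS_Monitor, the IDS_Report returned by run() with its isEmpty()/getImpact() methods, and the IDS_Log_File/IDS_Log_Composite loggers) unpacked under ./phpids/lib with the stock Config.ini.php; the cookie name example_noisy_cookie and the impact threshold of 20 are invented for illustration.

```php
<?php
// Added example (not from the original post or from PHPIDS itself): wiring
// PHPIDS in front of a page so every request is scanned, while telling it to
// ignore a single cookie that keeps producing false positives.
// Assumes the PHPIDS 0.6/0.7-era library (IDS_Init / IDS_Monitor classes) is
// unpacked under ./phpids/lib and that this file is included before any
// application code (e.g. via auto_prepend_file in php.ini or .htaccess).

set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ . '/phpids/lib');
require_once 'IDS/Init.php';
require_once 'IDS/Log/File.php';
require_once 'IDS/Log/Composite.php';

// Hypothetical name for the cookie that trips the IDS; substitute the real one
// from your own IDS log. Only this key is exempted, not all cookies, and it
// should only be exempted if the application never uses that cookie's value
// anywhere dangerous, since any client can set a cookie with that name.
$noisyCookie = 'example_noisy_cookie';

// Request data to scan, keyed the same way the PHPIDS docs do it. PHPIDS
// addresses nested fields as "<source>.<name>", so a cookie is "COOKIE.<name>".
$request = array(
    'REQUEST' => $_REQUEST,
    'GET'     => $_GET,
    'POST'    => $_POST,
    'COOKIE'  => $_COOKIE,
);

$init = IDS_Init::init(__DIR__ . '/phpids/lib/IDS/Config/Config.ini.php');

// Exempt the single noisy cookie. The same thing can be done statically in
// Config.ini.php with a line such as: exceptions[] = COOKIE.example_noisy_cookie
$init->config['General']['exceptions'][] = 'COOKIE.' . $noisyCookie;

$ids    = new IDS_Monitor($request, $init);
$result = $ids->run();

if (!$result->isEmpty()) {
    // Always log what PHPIDS saw, including low-impact hits, so that recurring
    // false positives like the cookie above can be found and exempted.
    $log = new IDS_Log_Composite();
    $log->addLogger(IDS_Log_File::getInstance($init));
    $log->execute($result);

    // Threshold is an assumption for this example; tune it per application.
    // Blocking on every hit is what turns a benign cookie into a broken site.
    if ($result->getImpact() >= 20) {
        header('HTTP/1.1 400 Bad Request');
        exit('Request rejected.');
    }
}

// Otherwise fall through to the application. PHPIDS is a detection layer only:
// the application must still escape output and use parameterised queries.
```

The point of logging every hit before deciding whether to block is that a false positive on a cookie shows up as a repeated low-impact entry in the IDS log, which is what you need in order to name it in the exceptions list instead of either ignoring the IDS or breaking real users.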
