<quote who="Wade Preston Shearer">
> i'd like some expounding on this as well...
>
> do i need worry about security if i'm not doing anything secure or any
> credit card stuff?

Yes.

> if i'm just using php to display dynamic content in templates, are there big
> security issues that i need to consider?

Depends, but probably: yes. Your biggest concern is when you receive user input, and then display that input in the form of HTML later. A user could embed malicious JavaScript or some variant that performs unfavorable actions.

Consider this hypothetical example: On a singles site, registered users can send each other messages. If I embed JavaScript in a message and send it to another user, when they view my message, my JavaScript executes. And it executes with all their permissions. So, I could write code to go change their password (by submitting a form) and/or mail me their user name. This sort of code could be brewed up in a few small hours. You can see the repercussions.

If you don't take any user input, then your only major concern is keeping your PHP up to date.

--Dave
____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://phantom.byu.edu/cgi-bin/mailman/listinfo/uug-list
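
The stored-message scenario described above, as an added PHP example that is not part of the original post: the same message rendered without and with output escaping, plus a password change that requires the current password. The function names (`render_message_unsafe`, `render_message_safe`, `h`, `change_password`) and the sample message are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; all names and sample data here are hypothetical.

// Constructed sample: a message as stored from another user's input.
$message = [
    'from' => 'dave"><b>x</b>',
    'body' => "Hi there <script>alert('runs as the reader')</script>",
];

// Vulnerable: stored input is written straight into the page, so any
// markup or script in it is interpreted by the reader's browser.
function render_message_unsafe(array $m): string
{
    return '<div class="msg" title="' . $m['from'] . '">' . $m['body'] . '</div>';
}

// Escape for the HTML context at output time. ENT_QUOTES covers both quote
// styles, so the value is also safe inside a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every user-supplied field is escaped; nl2br runs after escaping
// so the only markup it can add is its own <br /> tags.
function render_message_safe(array $m): string
{
    return '<div class="msg" title="' . h($m['from']) . '">'
         . nl2br(h($m['body'])) . '</div>';
}

// Second layer for the password-change case: require the current password,
// which script running in the reader's session does not know.
function change_password(string $storedHash, string $current, string $new): ?string
{
    if (!password_verify($current, $storedHash)) {
        return null; // reject: caller must re-prompt
    }
    return password_hash($new, PASSWORD_DEFAULT);
}

echo render_message_unsafe($message), "\n";
echo render_message_safe($message), "\n";

// Regression check: no raw script tag survives in the hardened output.
if (stripos(render_message_safe($message), '<script') !== false) {
    throw new RuntimeException('unescaped script tag in output');
}
```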
