Difference between revisions of "Template:Application Security News"

Revision as of 12:02, 24 May 2006

Custom escaping considered harmful - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."

Revision as of 12:01, 24 May 2006 (view source) Jeff Williams (talk \| contribs) ← Older edit		Revision as of 12:02, 24 May 2006 (view source) Jeff Williams (talk \| contribs) Newer edit →
Line 1:		Line 1:
−	* '''[[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 \| Custom escaping considered harmful]]''' - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."	+	* '''[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]''' - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."