This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 1: | Line 1: | ||
* '''[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]''' - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." | * '''[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]''' - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." | ||
| + | * '''[http://www.cioupdate.com/article.php/3608391 You can teach an old developer]''' - "Quote" | ||
| + | |||
| + | <!-- | ||
* '''[http://link Snarky headline]''' - "Quote" | * '''[http://link Snarky headline]''' - "Quote" | ||
| + | --> | ||
Revision as of 21:40, 24 May 2006
- Custom escaping considered harmful - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
- You can teach an old developer - "Quote"
