Gossamer Forum
Home : Products : DBMan SQL : Discussion :

Security

Quote Reply
Security
I've recently been reading up on security issues related to html forms.

I am now concerned about dangerous character or code that could be entered into my DBManSQL html forms. Could someone explain what should be done to protect my site from such an attack. (e.g should every field have a regular expression to block certain characters? And if so, what characters?)

Thank you.

Simon.
Quote Reply
Re: [jai] Security In reply to
I think that would probably be overkill and might prove annoying for your users. Besides that, it would be extremely difficult if not impossible to imagine every possible attack and devise a regex to stop it. I use regexes on file upload fields (for obvious security reasons) and sometimes on email or url fields (just to prevent people from omitting the "http://" for example). But, IMHO, one of the advantages of using a script like DBManSQL instead of a custom written script that might be more precisely designed to suit your needs, is that the guys at GT have much more experience than you or I with perl and security issues. Perhaps I'm just being naive, but I'm inclined to trust that all but the most obscure or sophisticated security holes have been plugged by GT before you ever download the script.

Now, I'm assuming that the content in your database is relatively mundane/innocuous. Obviously if you're dealing with highly sensitive or valuable information (e.g. cc numbers, medical records, etc.), then you should get advice from a real security expert and not just some second-rate script hack like me. =)

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund