What about the combination of POST method driven forms and REFERER filtering? It seems to be trustable at least against external attacks (we couldn't stop a CSS attack coming from inside this way), right?!

William Slow2Show wrote:

> In-Reply-To: <OF6FCFDC2A.59A56994-ON03256BAD.006A1C06at_private>
>
> >> Much has been said of Cross Site Scripting holes.
>
> Yep...some even say "too much" and argue that it isn't
> a "real security hole", but if you've had your admin cookie
> stolen on a forum then you would say otherwise.
>
> >> Happily, the PHP language supplies the programmer a great
> >> function to prevent this from happening
>
> yep PHP can handle input sanitizing very well...hopefully
> all new webApp langs will have sanitizing functionality
> built into their frameworks...(MS actually does in asp.net)
>
> I suggest you check out the webAppSec list, the OWASP
> project, and cgisecurity.com for more info.
> http://online.securityfocus.com/archive/107
> http://www.owasp.org
> http://www.cgisecurity.com
>
> Take care,
>
> -Slow2Show-
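The question above asks whether a "POST only, plus Referer filtering" rule is trustworthy. The following is an added illustration (not code from this thread or from any of the projects it links) of what such a filter actually decides, using a constructed trusted host name and constructed request headers. It compares the Referer host exactly against a trusted set rather than by substring, forces an explicit policy for requests that carry no Referer at all (browsers and proxies may strip it), and shows the limitation the poster already notes: a request triggered from inside the site arrives with the site's own Referer and is indistinguishable from a legitimate one.

```python
from urllib.parse import urlsplit

# Constructed for this example: the host names we consider our own site.
TRUSTED_HOSTS = {"forum.example.test"}


def referer_host(headers):
    """Return the lower-cased host named in the Referer header, or None if it is
    absent or cannot be parsed as a URL with a host."""
    ref = headers.get("Referer")
    if not ref:
        return None
    return urlsplit(ref).hostname  # .hostname is already lower-cased


def accept_state_change(method, headers, trusted_hosts=TRUSTED_HOSTS,
                        allow_missing_referer=False):
    """Apply a 'POST + Referer' filter to a state-changing request.

    Returns (accepted, reason). The policy for a missing Referer is an explicit
    parameter because some clients and proxies never send one; silently accepting
    those requests turns the filter off for exactly the cases an attacker can
    most easily produce, while rejecting them locks out privacy-conscious users.
    """
    if method.upper() != "POST":
        return False, "method is not POST"
    host = referer_host(headers)
    if host is None:
        return allow_missing_referer, "no usable Referer"
    # Exact match against the trusted set: a host such as
    # forum.example.test.evil.test must not pass a prefix or substring test.
    if host.lower() in trusted_hosts:
        return True, "Referer host %s is trusted" % host
    return False, "Referer host %s is not trusted" % host


def demo():
    """Run the filter over constructed requests and return the decisions."""
    cases = {
        # A plain cross-site link: wrong method, rejected.
        "external GET": ("GET", {"Referer": "http://evil.example.test/"}),
        # A cross-site auto-submitting form: Referer names the foreign host.
        "external POST": ("POST", {"Referer": "http://evil.example.test/page"}),
        # A host that merely contains the trusted name as a prefix.
        "lookalike host": ("POST", {"Referer": "http://forum.example.test.evil.test/"}),
        # A legitimate submission from one of our own pages.
        "legitimate POST": ("POST", {"Referer": "http://forum.example.test/post.php"}),
        # A submission triggered by script already running on one of our own
        # pages (the 'from inside' case): same Referer, so the filter cannot
        # tell it apart from the legitimate one.
        "inside POST": ("POST", {"Referer": "http://forum.example.test/thread.php"}),
        # Referer stripped by the client or a proxy.
        "no Referer": ("POST", {}),
    }
    return {name: accept_state_change(m, h)[0] for name, (m, h) in cases.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print("%-16s %s" % (name, "accepted" if accepted else "rejected"))
```

The point the poster makes shows up directly in the output: "legitimate POST" and "inside POST" are both accepted, because the filter only sees the Referer host, not who caused the browser to send the request.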
This archive was generated by hypermail 2b30 : Fri May 03 2002 - 10:34:37 PDT