  1. #1
    SitePoint Addict
    Join Date
    Feb 2001
    Posts
    302

    Security of forms?

    Is it correct that you need to strip certain tags out of the replies you get in forms, because hackers or whoever can send JavaScript etc. in the form and hack your site/server?

    If this is correct, does anyone know what tags I need to strip from the replies?

    Thanks in advance.

  2. #2
    SitePoint Enthusiast
    Join Date
    Jul 2001
    Posts
    51
    I would recommend using SSL on your site and adding a PGP key when sending e-mails.
    PalmVersa Communications
    PalmVersa.com
    ICQ# 120775841

  3. #3
    SitePoint Zealot
    Join Date
    Apr 2001
    Location
    Toronto, Ontario, Canada, Earth
    Posts
    138
    What type of security are you talking about, and what data is being submitted with your form? Are you referring to sending sensitive data like credit card info, or is it for something like a public forum? By the way, JavaScript can't be used to hack into a server because it's a client-side technology.

    Jason Weinstein
    http://www.MaximumEdge.com/

  4. #4
    SitePoint Member m0by
    Join Date
    Sep 2001
    Location
    Earth
    Posts
    8
    You can strip SHTML tags so that no one can use that to hack your Perl/CGI scripts. I don't know much JavaScript or PHP, but there should be some security risks involved.
    -- m0by

  5. #5
    Yugo full of anvils hillsy
    Join Date
    May 2001
    Location
    :noitacoL
    Posts
    1,859
    Yes, it is possible to use JavaScript or even straight HTML to screw up a site thru a form submission.

    Have a look at

    http://hotwired.lycos.com/webmonkey/00/18/index3a.html
    that's me!
    Now A Pom. And a Plone Nut
    Broccoli Martinez Airpark
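
An added example, not part of the original thread or of the linked article: it contrasts stripping a fixed list of tags from a form submission with encoding the whole value when it is written into the page, which is the approach that does not depend on guessing which tags to remove. The function names, the tag list and the sample submissions are constructed for illustration, and Python is used only as a convenient language for the demonstration.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed form submissions used as sample input for this example.
SAMPLES = [
    "Nice site!",
    "<script>alert(1)</script>",
    "<scr<script>ipt>alert(1)</scr</script>ipt>",
    '<img src="x" onerror="alert(1)">',
    "<b>bold claim</b> & 1 < 2",
]

# A hypothetical "tags to strip" list of the kind the question asks for.
BLOCKED_TAGS = re.compile(r"</?(script|iframe|object|embed)[^>]*>", re.I)

def strip_blocklist(text):
    """Fragile: delete listed tags in a single pass and keep everything else."""
    return BLOCKED_TAGS.sub("", text)

def escape_for_html(text):
    """Robust: encode the value for HTML output so it is displayed, never parsed."""
    return html.escape(text, quote=True)

def safe_link(url):
    """Accept only absolute http/https URLs for a user-supplied homepage field."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return html.escape(url, quote=True)
    return None

def still_has_markup(rendered):
    """True if a browser would still see the start of a tag in the output."""
    return re.search(r"<[a-zA-Z/!]", rendered) is not None

def render_entry(name, message, homepage=""):
    """Build one guestbook line; every user-supplied value is encoded on output."""
    who = escape_for_html(name)
    link = safe_link(homepage)
    if link:
        who = f'<a href="{link}" rel="nofollow">{who}</a>'
    return f"<p>{who} wrote: {escape_for_html(message)}</p>"

if __name__ == "__main__":
    for s in SAMPLES:
        print(still_has_markup(strip_blocklist(s)), still_has_markup(escape_for_html(s)), repr(s))
    print(render_entry("Ann", SAMPLES[1], "https://example.com/"))
```

The single-pass strip leaves markup behind for three of the five samples, including one where removing the inner tags reassembles an outer one, while the encoded output contains no tag for any of them.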

  6. #6
    SitePoint Addict
    Join Date
    Feb 2001
    Posts
    302
    Thanks hillsy, that was exactly what I was looking for.

  7. #7
    Yugo full of anvils hillsy
    Join Date
    May 2001
    Location
    :noitacoL
    Posts
    1,859
    You're welcome
    that's me!
    Now A Pom. And a Plone Nut
    Broccoli Martinez Airpark

