[documentation] PHP snippets (once again)
Heine Deelstra
info at ustilago.org
Sun May 7 16:09:10 UTC 2006
On Sun, 07 May 2006 17:51:08 +0200, Kieran Lal <kieran at civicspacelabs.org>
wrote:
> How about we write a page called "common security flaws in snippets". In
> the Drupal community we spend more time explaining coding style than we
> do teaching new users how to avoid security flaws in contributed modules
> or in snippets. Security awareness has to become part of the culture
> and that means explaining security vulnerabilities in public and
> educating the community.
>
> Cheers,
> Kieran
Good idea. If I'm not mistaken, many module authors would also benefit
from this. I imagine several short points with links to more verbose pages
(such as http://drupal.org/node/28984: How to handle text in a secure
fashion).
I think the snippet pages are a great asset to the community, and while we
tell people to look carefully at the snippets before using them, I think we
must protect people who don't know much about PHP & security.
I've reviewed 45 snippets right now:
22 ok
22 not ok (6 XSS, 2 SQL injection, rest access restriction bypass)
1 uncertain
1 duplicates drupal functionality
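The three flaw classes Heine counted (XSS, SQL injection, access restriction bypass) all show up in snippet-style code that reads request data and hands it to the page or the database unchecked. The following is an added illustration, not code from this thread, from the reviewed snippets or from Drupal itself: each flaw is shown next to a fixed version. It assumes the code runs inside a Drupal 4.7 page, so that check_plain(), db_query()/db_query_range() with %d placeholders, db_rewrite_sql(), user_access(), url() and drupal_access_denied() are available; the function names are invented for the example.

```php
<?php
// Added example (not from the thread or from Drupal). Assumes Drupal 4.7's
// check_plain(), db_query(), db_query_range(), db_rewrite_sql(), user_access(),
// url() and drupal_access_denied() are loaded. Function names are invented.

// --- 1. XSS: user-supplied text echoed into the page unescaped -------------

// Vulnerable: $_GET['keys'] lands in the HTML as-is, so a link with
// ?keys=<script>...</script> runs script in every visitor's browser.
function snippet_search_box_vulnerable() {
  return '<p>You searched for: ' . $_GET['keys'] . '</p>';
}

// Fixed: check_plain() HTML-encodes <, >, & and quotes. Reach for
// check_markup() or filter_xss() only when the text is meant to carry markup.
function snippet_search_box_fixed() {
  $keys = isset($_GET['keys']) ? $_GET['keys'] : '';
  return '<p>You searched for: ' . check_plain($keys) . '</p>';
}

// --- 2. SQL injection: request data concatenated into a query --------------

// Vulnerable: ?nid=1 OR 1=1 (or a UNION against {users}) changes the query.
function snippet_node_title_vulnerable() {
  $result = db_query("SELECT title FROM {node} WHERE nid = " . $_GET['nid']);
  $node = db_fetch_object($result);
  return $node ? check_plain($node->title) : '';
}

// Fixed: cast to int and use the %d placeholder, so only a number can reach
// the query. Strings go through %s inside quotes: "... WHERE type = '%s'".
function snippet_node_title_fixed() {
  $nid = isset($_GET['nid']) ? (int) $_GET['nid'] : 0;
  $result = db_query('SELECT title FROM {node} WHERE nid = %d AND status = 1', $nid);
  $node = db_fetch_object($result);
  return $node ? check_plain($node->title) : '';
}

// --- 3. Access restriction bypass: listing without permission checks -------

// Vulnerable: every row in {node} is listed, including unpublished nodes and
// nodes that node access modules hide from this user. No permission check
// either, so an anonymous visitor sees the same list as an administrator.
function snippet_recent_nodes_vulnerable() {
  $output = '<ul>';
  $result = db_query('SELECT nid, title FROM {node} ORDER BY created DESC');
  while ($node = db_fetch_object($result)) {
    $output .= '<li><a href="' . url('node/' . $node->nid) . '">' . $node->title . '</a></li>';
  }
  return $output . '</ul>';
}

// Fixed: require the 'access content' permission, list only published nodes,
// let db_rewrite_sql() apply node access restrictions, bound the result set
// with db_query_range(), and escape the titles on output.
function snippet_recent_nodes_fixed() {
  if (!user_access('access content')) {
    drupal_access_denied();
    return '';
  }
  $sql = db_rewrite_sql('SELECT n.nid, n.title FROM {node} n WHERE n.status = 1 ORDER BY n.created DESC');
  $result = db_query_range($sql, 0, 10);
  $output = '<ul>';
  while ($node = db_fetch_object($result)) {
    $output .= '<li><a href="' . url('node/' . $node->nid) . '">' . check_plain($node->title) . '</a></li>';
  }
  return $output . '</ul>';
}
```

When reviewing a snippet, the same three questions catch most of what is listed above: does every value that came from the request or the database pass through check_plain() (or a filter) before it is printed, does every query use %d/%s placeholders instead of concatenation, and is there an explicit user_access() check (plus status = 1 and db_rewrite_sql() for node listings) before restricted content or an action is exposed.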