TiM-SE

Member Since 07 Apr 2007
Offline Last Active Jan 13 2012, 08:47

Find content

About Me

osCommerce Forums is one angry place. People throw too much dirt on eachother for being constructive. That's why I rarely attend to any discussions. I'm too busy from throwing pies around.

Community Stats

Group Community Member
Active Posts 14 (0.01 per day)
Most Active In Security (7 posts)
Profile Views 9,404
Age Age Unknown
Birthday Birthday Unknown
Real Name
TiM
Gender
Male

Contact Information

Website URL http://www.tim-international.net

2 Neutral

Friends

Posts I've Made

In Topic: [TiM's] Safer Database Input Method

13 May 2011, 18:15

Safer Database Input Method is not purposely developed for being an Anti XSS contribution. Of all the thounsands of columns in mysql not many are purposely made for storing html content. I wouldn't say anyone is but several people use products_description for this, which is convenient. Of course you can instead plug all vulnerabilitites i.e. whos online vulnerability, or any other core functions or add-ons letting users post form data to database.

But instead of the method Allow from all - deny from some, and relying on the scripts to clean input, this reverses the method Deny from all, allow from some.

Website owners who have experience from spam links, hotlinked images, or malicious code knows the headache from this if users posts html code to script.

So instead of spending days making sure all scripts passing data cleans input from undesired content, you can use this 5 min add-on.

I am aware that some may find this useful and some may not, just like any other add-on.