[Phpmyadmin-devel] guidelines for avoiding security pitfalls
Marc Delisle
marc at infomarc.info
Wed Mar 28 14:37:54 CEST 2012
On 2012-03-28 04:53, Michal Čihař wrote:
> Hi
>
> On Tue, 27 Mar 2012 22:01:05 +0200
> Dieter Adriaenssens <dieter.adriaenssens at gmail.com> wrote:
>
>> As discussed at the team meeting in February, I started creating a
>> wiki page with some guidelines for avoiding security bugs [0].
>> The page is not finished yet; I just set out some ideas that I will
>> work out in the next few days. Feel free to comment, improve or add
>> guidelines as you see fit.
>>
>> [0] http://wiki.phpmyadmin.net/pma/Security_pitfalls
>
> Thanks, looks great so far!
Yes, thanks. I'm wondering, are there places where we really use
htmlentities() for protection?
Also I think we should talk about PMA_sanitize().
--
Marc Delisle
http://infomarc.info