[Phpmyadmin-devel] guidelines for avoiding security pitfalls

Marc Delisle marc at infomarc.info
Wed Mar 28 14:37:54 CEST 2012

Le 2012-03-28 04:53, Michal Čihař a écrit :
> Hi
> Dne Tue, 27 Mar 2012 22:01:05 +0200
> Dieter Adriaenssens <dieter.adriaenssens at gmail.com> napsal(a):
>> As discussed on the team meeting in February, I started creating a
>> wiki page with some guidelines for avoiding security bugs [0].
>> The page is not finished yet, I just set out some ideas, that I will
>> work out in the next few days. Feel free to comment, improve or add
>> guidelines as you see fit.
>> [0] http://wiki.phpmyadmin.net/pma/Security_pitfalls
> Thanks, looks great so far!

Yes, thanks. I'm wondering, are there places where we really use
htmlentities() for protection?

Also I think we should talk about PMA_sanitize().

Marc Delisle

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20120328/04a466cf/attachment.sig>

More information about the Developers mailing list