Thread: $_request
Old 03-18-2008, 06:25 PM   #9 (permalink)
wGEric

Recently there was a long debate on a local PHP mailing list which I'm subscribed to. The only argument that was valid against using $_REQUEST was the variables getting overwritten. Exploits using $_REQUEST can be done just as easily through $_GET, $_POST, or $_COOKIE. Sanitize your data and run your checks.

VB, phpBB and probably a lot more large scripts use $_REQUEST.

Quote:
Originally Posted by Village Idiot
Exploitation to be a security risk would be really difficult, unless you have the source of the script. Here is a scenario that it could happen in.
You are passing an ID variable through POST, the script generated that number after authenticating the other stuff. Point is, the POST variable is secure. You go through the process and edit the row with that ID. All the user would have to do to edit another row is set a cookie with the same name and a different ID. $_REQUEST will process the value of the cookie.
You could write a script that submits the data as POST. Cookie or not it doesn't really matter. You should be checking to see if the person actually has the ability to do the action before doing the action. You don't have to use the forms within the program to submit data.

Quote:
Originally Posted by abiko
Nowadays everything is crawling with script kiddies and XSS maniacs - just remember the whole story with phpBB about two years ago when they were having major security issues.
That has nothing to do with $_REQUEST though.
__________________
Eric
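Added example (not from the thread or any of the posters): it simulates the cookie-overrides-POST scenario quoted above and the ownership check the reply calls for. It assumes sources are merged into $_REQUEST with cookies last, as in the scenario; the row-owner table and function names are constructed for the example.

```php
<?php
// Added example, not from the thread. Simulates how $_REQUEST is built
// and why a per-action authorization check matters more than the source.
// Assumption: later sources in $order overwrite earlier ones (cookies last).

// Merge sources in the given order; a later source overwrites an earlier key.
function build_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split($order) as $letter) {
        $request = array_merge($request, $sources[$letter] ?? []);
    }
    return $request;
}

// Constructed data: which user owns which row (stands in for a database).
const ROW_OWNERS = [17 => 'alice', 42 => 'bob'];

// Vulnerable handler from the quoted scenario: trusts whatever arrives as "id".
function edit_row_vulnerable(array $request): string
{
    $id = (int) ($request['id'] ?? 0);
    return "edited row $id";
}

// Hardened handler: reads the intended source and verifies ownership before
// acting, so it does not matter whether the value came via form, cookie or script.
function edit_row_checked(array $post, string $currentUser): string
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !isset(ROW_OWNERS[$id])) {
        return 'rejected: invalid id';
    }
    if (ROW_OWNERS[$id] !== $currentUser) {
        return "rejected: $currentUser does not own row $id";
    }
    return "edited row $id";
}

// Constructed request: the form legitimately posts alice's row, but a cookie
// named "id" carrying bob's row is also present.
$post    = ['id' => '17'];
$cookie  = ['id' => '42'];
$request = build_request([], $post, $cookie);

echo edit_row_vulnerable($request), "\n";
echo edit_row_checked($post, 'alice'), "\n";
echo edit_row_checked(['id' => '42'], 'alice'), "\n";
```

With cookies merged last, the vulnerable handler acts on row 42 although the form posted 17, while the checked handler edits row 17 and rejects the attempt on row 42.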