Secure for everyone and everything cannot be done in any system of a decent size. In practice, there is always a point where the cost of closing a potential hole will be so high that you'd be better off not implementing the feature.
For instance: do you want to protect yourself against users putting up "illegal" content? (yes, there is such a thing, at least where I live)
Another example: what about DoS attacks?
It's a matter of risk vs usability vs cost of implementation. You really should read the OWASP guide if you want to know about more potential problems.
Joost
secure for everyone and everything...
Nope. Just to name one thing, people could write huge articles, or include images that uncompressed take a large enough amount of memory that the displaying system runs out of memory.
let's say that the only security bugs are the ones described above
So, what does that mean for the answer of "does my script have some hole"? Figure that one out, and you have figured out the answer to "if someone knew the code of my scripts you think he could find some hole".
Abigail
By saying
"if someone knew the code of my scripts you think he could find some hole"
I meant: if someone knew my script's structure, would he be capable of exploiting the problems I described above...
So far, after your replies, I think problem 2 is OK, but I have to add some check for problem 1.
By saying "if someone knew the code of my scripts you think he could find some hole" I meant: if someone knew my script's structure, would he be capable of exploiting the problems I described above...
- Please next time, write what you mean, and don't write something else. That saves people time.
- Maybe he's able to exploit the problem, maybe not. Why take the risk?
Abigail