[thelist] PHP help needed
Paul Bennett
Paul.Bennett at wcc.govt.nz
Mon Nov 28 20:04:51 CST 2005
Hi Flavia,
Your approach is basically ok, although you've already raised some security issues.
Getting the username via the $_POST array and then outputting into the html code will give the user the images provided they have the right image name and path.
One thing you do want to be careful of is checking the value that is supplied as $username.
Basically this *may* form the basis of a security exploit if you don't check it and could be the start of people doing nasty things to your application.
<tip type="Web Application security">
OWASP has some very good, in-depth security whitepapers for download.
Read and become paranoid today, rather than very sorry in the future.
http://www.owasp.org/index.jsp
Chris Shiflett has a good, short book entitled 'Essential PHP Security' which is also highly recommended.
http://www.amazon.com/gp/product/059600656X/103-9143050-4754204?v=glance&n=283155&n=507846&s=books&v=glance
</tip>
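
An added example, not part of the original message: one way to check the posted $username before it is used to build an image path and written into the HTML, as the reply above advises. The form field name `username`, the `images/` directory and the `<username>.jpg` naming are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout (not from the original post): one JPEG per user in ./images.
const IMAGE_DIR = __DIR__ . '/images';
const IMAGE_URL = '/images';

// Allowlist check: accept only letters, digits and underscore, 3-32 chars.
// Anything else (path separators, dots, quotes, angle brackets) is rejected
// rather than "cleaned up". Non-string input such as username[]=x is rejected too.
function validUsername($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1 ? $raw : null;
}

// Build the <img> tag only if the file really exists inside IMAGE_DIR.
function imageTagFor(string $username): ?string
{
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $username . '.jpg');
    if ($base === false || $path === false) {
        return null; // directory or image missing
    }
    // Defence in depth: the resolved path must still be under the image directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Escape for the HTML context even though the value passed the allowlist.
    $src = IMAGE_URL . '/' . rawurlencode($username) . '.jpg';
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
         . '" alt="' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '">';
}

$username = validUsername($_POST['username'] ?? null);
$tag = $username === null ? null : imageTagFor($username);

if ($tag === null) {
    http_response_code(400);
    echo 'Invalid user name or no image available.';
} else {
    echo $tag;
}
```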