[Catalyst] Input/Parameter Checks

Mesdaq, Ali amesdaq at websense.com
Thu Dec 13 21:21:44 GMT 2007


Anyone have some suggestions or references to good modules or best
practices in this regard? This is mainly in regard to using these
inputs in SQL queries or other areas where common attacks against web
applications happen. I wonder in the Catalyst world what best practices
are. Would it be a Catalyst plugin that would best fit that role or a
module that gets used in the controller, or possibly maybe just some code in
the model? It just feels like it's one of those things that has been
solved by someone else way better than I would have done it and I am
just not aware of it. Kinda like when I wrote my own logging module
because at the time I didn't find a good one, then I stumble across
log4perl and realize how badly I wasted my time!

Thanks,
------------------------------------------
Ali Mesdaq (CISSP, GIAC-GREM)
Security Researcher II
Websense Security Labs
http://www.WebsenseSecurityLabs.com
------------------------------------------




