 Registration, Security? |
|
ISO Image
Creator
Registration, Security?
Jan 24 2006, 11:39 AM
Post
#1
Themer
Group: Members
Posts: 120
Joined: 17-March 05
From: England
Member No.: 29,841
United Kingdom
Just wondering how much security I would need while registering members. Which characters shall I not allow? Or just replace the dangerous ones with their ascii versions?
Replies
(1 - 2)
Feb 6 2006, 08:21 PM
Post
#2
Administrator
Group: Admin
Posts: 10,302
Joined: 9-February 03
From: Jacksonville, FL
Member No.: 1
United States
Hello....this is an end-all debate really.
Firstly, replace backticks ` - they're used in XSS attacks.
Replace hex entities, they are almost never used for valid reasons, so assume if you see them they are XSS attacks. By hex entities, I mean like
k
Yes, you can do html entities that way, and IE parses them....
Also, any characters that would ever be used for bbcode should probably get replaced, or they can break bbcode.
i.e. [ ] | ' " ;
and so on.
It's very hard to say the right combination. Just be careful of what you DO allow...
Feb 7 2006, 11:15 AM
Post
#3
Themer
Group: Members
Posts: 120
Joined: 17-March 05
From: England
Member No.: 29,841
United Kingdom
Thanks dude, sounds good.
Where've you been man? Sure took a while 
2 User(s) are browsing this forum (2 Guests and 0 Anonymous Users)
0 Members:
Lo-Fi Version
Time is now: 23rd May 2012 - 09:39 PM
Webber Enhanced skin created by Im4eversmart of RuneHQ.
