[nycphp-talk] Managing form data with PHP

David Mintz david at davidmintz.org
Thu Dec 13 12:53:00 EST 2007


Once upon a time someone said it was a security risk to echo back $_POST
data unconditionally, even if you escape it, and even though you are only
showing them the very thing they just submitted to you. But I forget what
that risk was. Maybe I misremember.

I suppose if someone were to submit a string the length of War and Peace, it
would squander bandwidth if you sent it back without truncating, but is that
a true security risk?

-- 
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness