Forums / Cotonti / Support / Security tutorial request

GHengeveld
#12501 14.05.2009 19:52
Basic security for your plugin is provided by following these rules:

- Use the SED_CODE check as the first line of your plugin code

- ALWAYS use the sed_import() function for importing HTTP request parameters (don't forget to use the right datatype and use the optional maxlength if applicable)

- Use sed_sql_prep() function in SQL statements, or cast using (int) for integer values (usually IDs)

- Try to use Cotonti's core functions (see functions.php and database.mysql.php) instead of your own as much as possible, this includes using functions that replace default php functions such as sed_sql_query (mysql_query())

- Don't trust ANY data given by a user, always expect data to be unsafe

- Don't do anything stupid


A tutorial might be a good thing to have though.

Edited by: Koradhil (14.05.2009 20:01, 15 years ago)
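The six rules above, applied to one small plugin fragment, as an added example that is not part of the original post and not code from the Cotonti project. It assumes the Genoa-era core API as I remember it: sed_import($name, $source, $filter, $maxlen = 0) with sources 'G'/'P' and filters 'INT'/'TXT', plus sed_sql_prep(), sed_sql_query() and sed_sql_numrows(); the table-name globals $db_items and $db_notes are placeholders. Check the exact signatures against your version's functions.php and database.mysql.php before relying on them.

```php
<?php
/* Added example, not from the original post or the Cotonti project.
 * Assumed core API (verify in functions.php / database.mysql.php):
 *   sed_import($name, $source, $filter, $maxlen = 0)   source 'G' = GET, 'P' = POST
 *   sed_sql_prep($str), sed_sql_query($query), sed_sql_numrows($result)
 * $db_items / $db_notes are placeholder table-name globals. */

// Rule 1: SED_CODE check as the very first line, so the file cannot be
// requested directly and run outside the Cotonti bootstrap.
defined('SED_CODE') or die('Wrong URL.');

global $db_items, $db_notes;

// ---- Unsafe version (what the rules forbid), kept as comments -----------
// Raw request data flows straight into SQL. An id of "1 OR 1=1" or a text
// containing a quote changes the query; mysql_query() bypasses the core wrapper.
//
// $id   = $_GET['id'];
// $text = $_POST['text'];
// mysql_query("INSERT INTO $db_notes (note_item, note_text) VALUES ($id, '$text')");

// ---- Safe version -------------------------------------------------------
// Rule 2: import through sed_import() with the right filter and a max length.
$id   = sed_import('id',   'G', 'INT');        // integer only, from GET
$text = sed_import('text', 'P', 'TXT', 2000);  // text, capped at 2000 chars, from POST

// Rule 5: treat everything from the user as unsafe; bail out on bad input
// instead of letting an empty or failed import reach the query.
if (empty($id) || $id <= 0 || empty($text))
{
	die('Invalid input.');
}

// Rule 3: cast integers, escape strings with sed_sql_prep() right before use.
$id   = (int) $id;
$text = sed_sql_prep($text);

// Rule 4: go through the core wrappers rather than mysql_query() directly.
$res = sed_sql_query("SELECT item_id FROM $db_items WHERE item_id = $id LIMIT 1");
if (sed_sql_numrows($res) == 0)
{
	die('No such item.');
}

sed_sql_query("INSERT INTO $db_notes (note_item, note_text) VALUES ($id, '$text')");
```

The one thing the rules do not spell out is ordering: sed_sql_prep() escapes for the database only, so call it at the point the value enters a query and keep the unescaped value for anything shown on a page, where the HTML-side handling is a separate concern.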