Issue 51: Lock down on pages that accept direct HTTP Requests
Each page needs to be secured by allowing only HTTP request vars once an "entry point" variable has been set. The variable is set only at allowed entry points from the user. Examples are install.php, login.php, admin/index.php, etc. Sweep the entire application and identify pages that should allow direct input from the web client. Begin to minimize the number of pages that allow direct input. Analyze each request string and add security checks to make sure each is getting the data we expect and nothing more.
Oct 26, 2008
(No comment was entered for this change.)
Status: AfterTheNextRelease
Owner: ---
Labels: -Priority-Critical -Security Priority-Low
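
The entry-point guard and per-page request checks described in the issue, sketched in PHP as an added example (not code from this project). `APP_ENTRY`, `require_entry_point()` and `read_request()` are hypothetical names, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is an illustration, not project code.

// In an allowed entry point (e.g. login.php), before any include:
define('APP_ENTRY', true);

// At the top of every include-only page: refuse direct HTTP requests.
function require_entry_point(): void
{
    if (!defined('APP_ENTRY')) {
        http_response_code(403);
        exit('Direct access not permitted');
    }
}

/**
 * Return only the request variables this page expects, each validated.
 * $spec maps a parameter name to a regex its value must match in full.
 * Unknown parameters, arrays and non-matching values are rejected.
 */
function read_request(array $input, array $spec): array
{
    $unexpected = array_diff_key($input, $spec);
    if ($unexpected !== []) {
        throw new InvalidArgumentException(
            'Unexpected parameter(s): ' . implode(', ', array_keys($unexpected))
        );
    }
    $clean = [];
    foreach ($spec as $name => $pattern) {
        $value = $input[$name] ?? null;
        // is_string() rejects missing values and array input such as user[]=x
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("Invalid or missing parameter: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

require_entry_point();

// Constructed sample input standing in for $_POST on a login page.
$sample = ['user' => 'alice', 'token' => 'a3f9c2d47b10e8aa'];
$spec   = ['user' => '/\A[a-z0-9_]{1,32}\z/', 'token' => '/\A[0-9a-f]{16}\z/'];
var_dump(read_request($sample, $spec));
```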