REQUEST: database security issues in PHP manual

From: "Gyozo Papp" <gerzson(at)php(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: REQUEST: database security issues in PHP manual
Date: 2002-01-07 17:50:33
Message-ID: a1cn33$16h0$1@news.tht.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin


Hello,

I' m currently working with the PHPDOC team on maintaining and
keeping up-to-date the PHP manual. I proposed in the PHPDOC
list to include some information about database security issues.
It aims to be an introduction into the very basics of how to
access and manipulate databases within PHP scripts. (the SQL
injection was that started up this idea.)

If you have any spare time to write a short paragraph or expose
a commonly used bad practise which can be hascked easily or
knowing a site or page that's worth reading it, please let me
know!

I hope you may share your valuable knowledge about this topic,
because I'm not a security professional who has been around a
very lot (but not a newbie).

I' m about to gather as much information as possible to
formulate the startings.

As an ex member of this mailing list I expect your proposals,
but please note that the primary goal of this article will be
an overview about how to use _any database_ in a _web based_
application what to allow and what to resist, not specifically
PostgreSQL. However I'm happy to receive such information, too.
(I've personally never used anything else but postgres :))
If a reasonable amount of tips and hints were received related
to postgres, then a database specific section would be opened
in the PHP manual, too.

Best regards,

--
Gyozo Papp
- gerzson(at)php(dot)net PS please CC me your replies!

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Jodi Kanter 2002-01-07 21:01:43 granting all to user
Previous Message Peter Eisentraut 2002-01-06 05:18:44 Re: libcrypt problem