FUDforum: comp.lang.php » Sanitizing user input

Home » Imported messages » comp.lang.php » Sanitizing user input

Show: Today's Messages :: Polls :: Message Navigator

Re: Sanitizing user input [message #169893 is a reply to message #169884]

Wed, 29 September 2010 13:47

Web Dreamer
Messages: 13
Registered: September 2010

Karma:

Junior Member

Jerry Stuckle a écrit ce mercredi 29 septembre 2010 12:57 dans
<i7v63r$7hh$1(at)news(dot)eternal-september(dot)org> :

> On 9/29/2010 4:01 AM, Web Dreamer wrote:
>> We are talking about "web applications", not "web sites".
>> Small companies can not afford more servers than employees to host web
>> apps (not web sites) useful for their employees.
>> See my other reply in this thread.
>>
>
> That is true. And even small companies want their site to provide one
> consistent interface. What you have is a bunch of different
> applications thrown together with no consistency between them.

Depends, some can be consistent, but will "require" different logins and
separate sessions.

Some not.

i.e. an application may be accessed ONLY by HR, and you do not want the HR
to be automatically logged in this application (for security reasons) if
he/she's logged in another application : you separate session handling (but
can be linked to same user database)
handling sessions separately does not mean you have to separate everything.
This makes sure you are not logged in an application automatically after
having logged in another, if you want separate sessions for security
reasons.

Explain why you would have inconsistency?

Choosing consistency depends on the target and usage of the application, and
can require to be totally separated concerning session handling even with
consistency. I was only mentioning session handling.

> No
> business which knows anything about the internet would want such on
> their site. And only a code hacker would build such a site.

No,

Another example different from the one above:

A shopkeeper can have two companies:
A shoe shop
A flower shop
two different entities.
They share one same server (same boss, different legal entities, and
employees).
You SURELY do not want to mix anything together! But the owner of the shops
can afford only one server (2 or 3 employees in each shop), and you
configure vhosts on the server.

Are you really sure you want top mix this?
I seriously doubt it.

Do you know any small business who would want to have mixed employee
logins/accountability with another small business?
Honestly... no...
But sometimes they share a same "physical" server (same owner for the 2
shops)

>> Once you choose a session.name, you keep the same for the whole web app
>> of course (otherwise everything would brake).
>> What I mean is that for a "new app" you need a "new session.name" and you
>> will keep this same session.name for the whole application of course.
>>
>> If you do not think of choosing a session.name for an application when
>> you create it, and that you are asked to install this application on a
>> server which already runs other applications (not sites), you risk
>> clashes if they all use the same session.name.
>>
>
> And you still run that same risk because some other application may have
> chosen the same name. If you must separate your information, you should
> use some prefix for your session array keys.

There is much less risk, but indeed you are right about adding also a
prefix.

And again, separating sessions does not necessarily mean separating
information.

Sometimes you want things totally separated.
Sometimes only "sessions" to be separated.

And it's the one who pays you who decides.

--
Web Dreamer

Report message to a moderator

[Message index]

		Sanitizing user input By: MikeB on Fri, 24 September 2010 05:42
		Re: Sanitizing user input By: Helmut Chang on Fri, 24 September 2010 07:59
		Re: Sanitizing user input By: MikeB on Fri, 24 September 2010 15:24
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 10:11
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 11:21
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 13:14
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 15:14
		Re: Sanitizing user input By: Michael Fesser on Tue, 28 September 2010 16:24
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 22:35
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 08:01
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 10:57
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 13:47
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 16:21
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 07:44
		Re: Sanitizing user input By: Jerry Stuckle on Thu, 30 September 2010 12:32
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 12:51
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 16:37
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 22:34
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 07:54
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 08:02
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 11:01
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 13:15
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 16:22
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 07:47
		Re: Sanitizing user input By: Jerry Stuckle on Thu, 30 September 2010 12:35
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 12:57
		Re: Sanitizing user input By: alvaro.NOSPAMTHANX on Fri, 24 September 2010 08:15
		Re: Sanitizing user input By: MikeB on Fri, 24 September 2010 15:06
		Re: Sanitizing user input By: Michael Fesser on Fri, 24 September 2010 17:12

Previous Topic:	how to write a wsdl for php webservice?
Next Topic:	ANNOUNCE - NHI1 / PLMK / libmsgque - Work-Package-II

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Nov 23 18:47:58 GMT 2024

Total time taken to generate the page: 0.05699 seconds