ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

ONJava Topics
All Articles
Best Practices
Enterprise JavaBeans
Java and XML
Java Data Objects
Java EE (Enterprise)
Java IDE Tools
Java Media
Java SE (Standard)
Java Security
Java SysAdmin
JDO/JDBC/SQLJ
JSP and Servlets
Open Source Java
P2P Java
Web Services
Wireless Java

AddThis Social Bookmark Button
Article:
  Ten Security Checks for PHP, Part 2
Subject:   Avoid Loose Typing Intricacies - fix
Date:   2003-04-07 23:32:18
From:   ljweb
Rather than the
if ($user_id < 0 || $user_id > 2 || !isset($user_id)) {
line, I would advice the use of
if (is_int($user_id) && isset($users[$user_id])) {


The reason is, that even how small or large a usertable must be, there will always be someone skipping out from time to time, leaving empty slots in the list. Checking for larger/less-than is then not optimal and will produce yet another security flaw, as the subject of this very article states. Using "loginnames" rather than a number, would remove this problem same time.


I know, the code produces is not intended for production site (or I hope so), but the examples provided should rate as code worth copying and following.


/ Lars
www.ljweb.com
1 to 1 of 1
  2. Avoid Loose Typing Intricacies - fix
    2003-04-08 00:58:01  clancymalcolm [View]

1 to 1 of 1


Recommended for You