[nycphp-talk] "The Web is broken and it's all your fault."

Chris Shiflett shiflett at php.net
Wed Sep 20 03:15:03 EDT 2006


Dan Cech wrote:
> Personally, I'm of the opinion that right now people
> tend to focus too much on input filtering, and not
> enough on safe storage and display practices.

I agree. This is why I've been trying to promote the idea of FIEO
(filter input; escape output) for a more complete picture of properly
handling data, but even this doesn't address all security concerns. Some
exploits (CSRF, session fixation, etc.) play by the rules.

A similar problem is that there's too much focus on filtering user
input, as if the user is the only source of input.

Chris

-- 
Chris Shiflett
Principal, OmniTI
http://omniti.com/
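The three points Chris makes above (FIEO, the exploits that FIEO does not cover, and input that does not come from the user), illustrated as an added PHP example that is not part of the original message. The function names, the form field names and the comment store are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// --- Filter input: accept only what we expect, from every source. ---
function filterComment(array $post, array $server): ?array {
    // The form body is the obvious input source...
    $body = is_string($post['body'] ?? null) ? $post['body'] : '';
    if ($body === '' || strlen($body) > 2000) {
        return null; // reject rather than "clean up"
    }
    // ...but so is a request header, which the client controls just as freely.
    $ua = is_string($server['HTTP_USER_AGENT'] ?? null) ? $server['HTTP_USER_AGENT'] : '';
    if (!preg_match('/^[\x20-\x7E]{0,256}$/', $ua)) {
        $ua = ''; // unexpected bytes: treat as absent
    }
    return ['body' => $body, 'user_agent' => $ua];
}

// --- Escape output: escape for the context the data is sent to. A row coming
//     back from our own database is input again; it is escaped here, not trusted. ---
function renderComment(array $row): string {
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>' . $esc($row['body']) . ' <small>' . $esc($row['user_agent']) . '</small></p>';
}

// --- Neither step above stops a request that "plays by the rules". ---

// CSRF: a forged request carries perfectly valid, well-filtered input. Only a
// secret the attacker's page cannot read, tied to the session, distinguishes it.
function csrfToken(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function isIntendedRequest(array $post): bool {
    $sent = is_string($post['csrf_token'] ?? null) ? $post['csrf_token'] : '';
    return $sent !== '' && hash_equals($_SESSION['csrf_token'] ?? '', $sent);
}

// Session fixation: the attacker supplies the session id before login, so the
// id itself is the input. Issuing a fresh id on authentication invalidates it.
function onSuccessfulLogin(int $userId): void {
    session_regenerate_id(true); // true discards the old, possibly attacker-chosen id
    $_SESSION['user_id'] = $userId;
    unset($_SESSION['csrf_token']);  // new session, new token
}
```

Typical flow: `session_start()`, then `isIntendedRequest($_POST)` before `filterComment($_POST, $_SERVER)` on a POST, and `renderComment()` on every row read back for display.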



More information about the talk mailing list