What is the best way to protect against Log Injection attacks in PHP? Of course, we should sanitize input, but the question is how, and what has to be sanitized?
For example, if I am logging something that can come from the user, the first step would be to make sure that what he enters does not cause some problems in the OS, or strange behaviours of the application. Then, if we display log entries somewhere in the application, we need to make sure that XSS and similar attacks are not possible.
I am looking at PHP sanitize filters as a possible solution, but I do not really know what I should filter out. What characters can be dangerous?
from How to protect against Log Injection attacks in PHP?
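
The two concerns raised in the question, encoding a value before it is written to the log and escaping it again when the log is displayed in HTML, shown as an added example that is not part of the original question. It assumes PHP 7.2 or later with the mbstring extension; the function names and sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Write side: encode a user-supplied value so it cannot forge or break a log line.
// Function names are illustrative, not from any library.
function encode_log_value(string $value, int $maxLen = 256): string
{
    $value = mb_scrub($value, 'UTF-8');               // replace invalid byte sequences
    $value = mb_substr($value, 0, $maxLen, 'UTF-8');  // bound the entry size

    // Escape control/format characters (CR, LF, ESC, NUL, ...), the Unicode
    // line/paragraph separators, and the quote and backslash used as delimiters.
    $encoded = preg_replace_callback(
        '/[\p{C}\p{Zl}\p{Zp}"\\\\]/u',
        static function (array $m): string {
            return ($m[0] === '"' || $m[0] === '\\')
                ? '\\' . $m[0]
                : sprintf('\\u{%04X}', mb_ord($m[0], 'UTF-8'));
        },
        $value
    );

    return $encoded ?? '[unencodable value]';
}

// Read side: escape for the HTML context only when the entry is displayed.
function render_log_line_html(string $line): string
{
    return htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a "username" carrying a newline plus a fake entry,
// and one carrying markup.
$samples = [
    "alice\n2024-01-01T00:00:00+00:00 INFO login ok user=\"admin\"",
    '<b onmouseover="x">bob</b>',
];

foreach ($samples as $user) {
    $line = sprintf('%s WARN login failed user="%s"', date('c'), encode_log_value($user));
    echo $line, PHP_EOL;                        // goes to the log: always one line
    echo render_log_line_html($line), PHP_EOL;  // goes to the HTML log viewer
}
```

The log file keeps the encoded original value, and HTML escaping is applied separately at display time, so the same entry stays safe if it is later read by a different viewer or parser.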