[Typo3] SQL Injection
Daniel Novak
dannov at hotmail.com
Fri Mar 4 12:15:34 CET 2005
The problem is the _bad_ coding. Using $_GET vars in PHP _with_ TYPO3 is
very _bad_ behaviour.
_WHY NOT_ use the built-in TYPO3 mechanisms like GPvars and PIvars?
If those guys who program extensions would program them according to the coding
guidelines, we wouldn't have problems like these ...
Just my 2 cents.
"Kraft Bernhard" <kraftb at gmx.net> wrote in message
news:mailman.1.1109889027.24250.typo3-english at lists.netfielders.de...
> Ries van Twisk wrote:
>
>
>> I am not a member of that list... nor that I even knew (forgot...) that
>> it existed,
>
> The list is a closed (restricted) one. Just some people are on it. It
> isn't good to have too many people knowing of security leaks. Some could
> do bad things.
>
>
>> sorry for the post on this list anyways,
>
> I made the mistake myself ... think I was too curious :(
>
>
> greets,
> Bernhard
> --
> ----------------------------------------------------------------------
> "Freedom is always also the freedom of those who think differently"
> Rosa Luxemburg, 1871 - 1919
> ----------------------------------------------------------------------