Can my webpage be subject to attack when a genuine user is submitting a form?
Basically, on sanitizing form data and validating it against the expected input, I am struggling to know what to do if, after sanitization, the data does not match the expected values, particularly if the form is being used by a genuine user at the time. This poses the question:
Can the page be attacked at the same time a genuine user is submitting the form, or using the administration pages?
If this can happen, what is the best thing to do if the values are not the expected user input? I wouldn't want to redirect or cause an error if the user had filled out the form correctly but some other intrusion had entered the form.
For example, could the values a genuine user has input be changed?
Also, on hidden fields, which the genuine user cannot see, could these values be changed?
My code is this:
$sanitized = filter_input(INPUT_POST, 'form field', FILTER_SANITIZE_STRING);
$_POST['form field'] = $sanitized;
// validate either against expected arrays (if a list menu), or expected patterns such as letters or numbers
// on visible fields an error is presented if the value is not as expected, but not in the case of hidden fields
Is it still possible that the values of the posted form have been changed or added to after these checks? And if so, what is the best course of action?
I look forward to an explanation, gratefully received.
>Can the page be attacked at the same time a genuine
>user is submitting the form, or using the administration pages?
That's not how attacks work. The common attacks you need to guard against with sanitization include an attacker using the form to inject code into the database, or bypassing the form and attacking the PHP script page directly. This could allow them to exploit weaknesses in the application and gain entry to the system, or cause a cross site scripting attack that affects legitimate users.
>For example, could the values a genuine user has input be changed?
Probably as the result of an XSS type attack. For example, a user might click on a link to the site that contains malicious code in the querystring, which the web application processes without checking. This could alter the values in the form before submit. As long as you evaluate and sanitize the data, you should be fine.
An attacker could also eavesdrop on the site and gather data submitted on unencrypted pages, exposing login credentials and other sensitive data. This could be used to gain access to the system, or used to access other systems, as users use the same credentials on many systems.
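As an added example, not the poster's or the answerer's code, here is how the server-side checks the answer describes could look in PHP: each value is validated against an expected list or pattern, the hidden price field is never trusted, and rejected fields are reported back on the form rather than by redirecting. The field names, the allowed list and the price are assumptions for illustration.

```php
<?php
// Added example (not code from the thread): server-side validation for the
// kind of form in the question. Every check runs on the server because an
// attacker can post to the script directly, changing any field, hidden or not.
$allowedCountries = ['gb', 'us', 'de'];   // expected values for a list menu (assumed)
$catalogPrice     = 19.99;                // server-side truth; never read from a hidden field

function validateForm(array $in, array $allowedCountries, float $catalogPrice): array
{
    $errors = [];
    $clean  = [];
    // List menu: accept only a value from the expected array (strict compare).
    if (isset($in['country']) && in_array($in['country'], $allowedCountries, true)) {
        $clean['country'] = $in['country'];
    } else {
        $errors[] = 'country';
    }

    // Numeric field: check the expected pattern, not just "sanitized".
    if (isset($in['quantity']) && preg_match('/^[1-9][0-9]{0,2}$/', $in['quantity'])) {
        $clean['quantity'] = (int) $in['quantity'];
    } else {
        $errors[] = 'quantity';
    }

    // Free text: restrict to the expected character set and length.
    if (isset($in['name']) && preg_match("/^[A-Za-z' -]{1,60}$/", $in['name'])) {
        $clean['name'] = $in['name'];
    } else {
        $errors[] = 'name';
    }

    // The hidden "price" field is ignored entirely; the server supplies it.
    $clean['price'] = $catalogPrice;

    return [$clean, $errors];
}

// Constructed sample request; in the real script this would be $_POST.
$request = ['country' => 'gb', 'quantity' => '3', 'name' => 'Alice', 'price' => '0.01'];
[$clean, $errors] = validateForm($request, $allowedCountries, $catalogPrice);
if ($errors) {
    // Re-display the form listing the rejected fields (escaped for HTML); no redirect needed.
    echo 'Please correct: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES) . "\n";
} else {
    // Pass $clean to a prepared statement so the values cannot inject SQL.
    echo 'OK: ' . json_encode($clean) . "\n";
}
```

Because the price comes from the server and not from the request, a tampered hidden field has no effect, and a genuine user who filled in the form correctly simply passes all checks.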
More discussions in Develop server-side applications in Dreamweaver