Security
I've been beating my head against a wall trying to figure out a small but still potentially serious security issue that's tied to PHP and uploading.
On the brighter side of things, I've run dozens of XSS tests on the comment and mail forms and have found zero security holes there, which is a big relief. I've also spent a fair amount of time with the search feature and the site's page-handling in general, and all results have been positive.
Back to the issue at hand though... I'm pretty sure I have a mechanism in place now to block any potential exploits but I'm waiting on some feedback from an acquaintance in regards to the issue before I consider the problem solved. Unfortunately this security testing has set me back about a week and given me a sleepless night in exchange for peace of mind; not that fair of a trade in my opinion.
Regardless, all that I have left is a proper category menu (which I've been hammering away at) and the site, functionality-wise, will be complete.
[ 01 March, 2008 ] • [ William Hedrick ]