[ic] cleanliness of session values
Kevin Walsh
interchange-users@icdevgroup.org
Mon Nov 18 21:37:00 2002
Jeff Dafoe [jeff@badtz-maru.com] wrote:
>
> Is it OK to take something from the CGI hash and assign it to the Values
> hash? I want to confirm that the data in the values hash is considered to
> be tainted user input and that I do not need to perform any sanitization
> prior to assigning user data to it.
>
"CGI" and "values" can both be tainted by user-supplied CGI values.
If you want to ensure that your data cannot be tainted then use the
scratch space instead.
--
Kevin Walsh
kevin@cursor.biz
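
The distinction drawn in the reply above, as an added example that is not part of the original post or of Interchange's code: user input may be copied from CGI to Values unchanged, but both remain user-controlled, so server-side decisions are kept in scratch and a value is promoted only after allowlist validation. The plain hashrefs stand in for Interchange's CGI, Values and Scratch hashes so the script runs on its own; the field names, validators and helper functions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins (assumption) for Interchange's $CGI, $Values and $Scratch.
# The CGI contents are constructed sample input.
my $CGI     = { country => 'US', discount_pct => '100', fname => 'Ann<script>' };
my $Values  = {};
my $Scratch = {};

# Allowlist validators for the fields the application accepts from users.
my %validators = (
    country => sub { $_[0] =~ /\A[A-Z]{2}\z/ },
    fname   => sub { $_[0] =~ /\A[\p{L} .'-]{1,64}\z/ },
);

# Copying CGI to Values needs no sanitising: the copy is still treated
# as user-controlled data afterwards.
sub cgi_to_values {
    my ($cgi, $values) = @_;
    $values->{$_} = $cgi->{$_} for keys %$cgi;
}

# Return a user value only if it passes its validator; fields without a
# validator are never promoted to trusted data.
sub validated {
    my ($values, $field) = @_;
    my $check = $validators{$field} or return;
    my $v = $values->{$field};
    return (defined $v && $check->($v)) ? $v : undef;
}

cgi_to_values($CGI, $Values);

# Server-side decisions live in scratch and are computed by server logic,
# never read back from a user-supplied field of the same name.
$Scratch->{discount_pct} = 0;
my $country = validated($Values, 'country');
$Scratch->{ship_country} = $country if defined $country;

for my $f (qw(country fname discount_pct)) {
    my $v = validated($Values, $f);
    printf "%-13s values=%-15s trusted=%s\n",
        $f, "'$Values->{$f}'", defined $v ? "'$v'" : 'REJECTED';
}
printf "discount applied: %d%% (scratch), user sent %s%% (values)\n",
    $Scratch->{discount_pct}, $Values->{discount_pct};
```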