
Symfony Blog:
Security must be taken seriously
October 03, 2008 @ 08:49:25

On the symfony blog, Fabien Potencier reminds all symfony developers that the security of their applications must be taken seriously and that, despite the built-in protection the framework offers, there could still be issues.

The symfony framework has always provided the tools needed by the developers to secure their applications. With the new form framework, we have added an automatic protection against CSRF. Speaking of the form framework, we have also added a lot of security features to protect you against all sorts of injections.

He does include an example, though, of a situation where it's not just about protecting against cross-site scripting or similar attacks. It's about checking user input to ensure it's what it should be. He gives the example of a user pushing an "is_admin" value into a form post where there wasn't one, so that the corresponding column gets updated and grants them admin rights.

He mentions some work the Rails team has tried to do to prevent this sort of thing automatically, but Fabien points out what the symfony framework already does: any submitted field that is not declared in the form is rejected rather than bound to the object and saved.
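The behaviour described above, as an added illustration that is not Symfony's own code or the post's: a small hand-written form class that accepts only the fields it declares, so a forged "is_admin" key in the submitted data is reported as an error and never reaches the model. The `User`, `UserProfileForm` and `unsafeUpdate` names, and the request payload, are constructed for this example; the `unsafeUpdate` function shows the mass-assignment pattern the post warns against, for contrast.

```php
<?php
// Added example, not framework code: a form that binds only declared fields.
declare(strict_types=1);

final class User
{
    public string $name = '';
    public string $email = '';
    public bool $isAdmin = false; // must only be set by privileged code paths
}

/** The pattern the post warns against: copying every submitted key onto the model. */
function unsafeUpdate(User $user, array $submitted): void
{
    foreach ($submitted as $key => $value) {
        // "is_admin" becomes "isAdmin" and is written straight to the object
        $property = lcfirst(str_replace('_', '', ucwords($key, '_')));
        if (property_exists($user, $property)) {
            $user->$property = is_bool($user->$property) ? (bool) $value : (string) $value;
        }
    }
}

final class UserProfileForm
{
    /** Fields the form knows about; everything else is rejected. */
    private const ALLOWED_FIELDS = ['name', 'email'];

    /** @var array<string,string> */
    private array $values = [];
    /** @var list<string> */
    private array $errors = [];

    /** Binds raw request data, keeping only the declared fields. */
    public function bind(array $submitted): void
    {
        $this->values = [];
        $this->errors = [];

        // Unknown fields are a validation failure, not silently merged.
        $extra = array_diff(array_keys($submitted), self::ALLOWED_FIELDS);
        foreach ($extra as $field) {
            $this->errors[] = sprintf('Unexpected field "%s"', $field);
        }

        foreach (self::ALLOWED_FIELDS as $field) {
            if (!array_key_exists($field, $submitted)) {
                $this->errors[] = sprintf('Missing field "%s"', $field);
                continue;
            }
            $this->values[$field] = trim((string) $submitted[$field]);
        }

        if (isset($this->values['email'])
            && filter_var($this->values['email'], FILTER_VALIDATE_EMAIL) === false) {
            $this->errors[] = 'Invalid e-mail address';
        }
    }

    public function isValid(): bool
    {
        return $this->errors === [];
    }

    /** @return list<string> */
    public function getErrors(): array
    {
        return $this->errors;
    }

    /** Copies only the declared, validated fields onto the model. */
    public function updateObject(User $user): void
    {
        if (!$this->isValid()) {
            throw new LogicException('Cannot update object from an invalid form');
        }
        $user->name = $this->values['name'];
        $user->email = $this->values['email'];
    }
}

// Constructed request payload: a legitimate profile edit with a forged
// "is_admin" field appended, the scenario described in the post.
$request = ['name' => 'alice', 'email' => 'alice@example.com', 'is_admin' => '1'];

$victim = new User();
unsafeUpdate($victim, $request);
var_dump($victim->isAdmin); // bool(true): mass assignment granted admin rights

$form = new UserProfileForm();
$form->bind($request);

$user = new User();
if ($form->isValid()) {
    $form->updateObject($user);
} else {
    echo implode("\n", $form->getErrors()), "\n"; // Unexpected field "is_admin"
}
var_dump($user->isAdmin); // bool(false): the forged field never reached the model
```

The point of the contrast is where the decision is made: `unsafeUpdate` lets the request decide which properties change, whereas the form's declared field list decides, and anything outside it fails validation before `updateObject` runs. Treating unexpected fields as an error rather than quietly dropping them also gives you a log line to alert on when someone probes a form with extra parameters.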
