(03-20-2015, 04:14 AM)KwiceroLTD Wrote:(03-19-2015, 07:47 AM)TGates Wrote: Yes, we know there are no know flaws in security right now. They have not shown any proof that the current release has any. If they do find them and post them up, we of course will jump right on it!
EDIT: They provided proof and good examples of the issues. Now we have something to work from then just 'vulnerabilities' LOL
I'm saddened by your immaturity on this matter. Security is very important.
There are multiple, MULTIPLE issues in this, and I don't even do auditing for a living or as a hobby.
Code:$sql = $zdbh->prepare("INSERT INTO $database.$table_name $insert");
Just a prime example, a safer practice would be:
Code:$sql = $zdbh->prepare("INSERT INTO ?.? ?");
$sql->execute(array($database, $table_name, $insert));
Therefore removing the possibility of SQL injection.
Thanks for the input we care for security and the above statement express only the point of view of TOM. You know we are many trying here our best and we might have different expertise area.
OK I agree SQL injection might be better prevented, I've even gone further and asked we move to stored procedures!
No support using PM (Auto adding to IGNORE list!), use the forum.
How to ask
200$ free to start your VPS 60 days credit
How to ask
200$ free to start your VPS 60 days credit
