IS 337: Website Administration
Lecture for November 7: Security and Sessions
+
-
Topics
Getting onto Yardley
- Set your passwords on the Linux side of the GLUW lab so that Fife won't hunt you down.
- Fife will run a password cracker, and he will ban you from yardley if your password stinks.
HTTP Redirection
<meta http-equiv="refresh" content="seconds;URL=url">toggle- In the
<head>element - Not really an HTTP redirection
- In the
Security
- JavaScript injection toggle
- Two contradictory meanings.
- Clean user's input! toggle
- Encode characters as entities: toggle
htmlspecialchars($str)htmlentities($str)
- Strip out (X)HTML tags toggle
strip_tags($str),strip_tags($str, $allowed)- whitelist versus blacklist
- Encode characters as entities: toggle
Urlacher Store and Sessions
- Sessions are not a good solution for storing lots of data.
- Things to do: Clear cart. Compute totals on cart.php page.
Readings and Resources
- PHP Manual
Quick Written Assignment for Next Time
Write the (X)HTML for two form elements to collect interesting
data about a user (e.g., email address, telephone number, website,
etc.). Also write two statements that saves these values into the
$_SESSION.
© 2007 Calvin College and Jeremy D.
Frens.
This work is licensed under a Creative
Commons Attribution-Noncommercial-Share Alike 3.0 United States
License.