devel:security
Differences
This shows you the differences between two versions of the page.
devel:security [2015-11-07 16:18] – [Security Guidelines for Plugin Authors] 50.141.100.133 | devel:security [2016-06-20 20:32] – [Typical Vulnerability Example] Grammar 139.174.200.55 | ||
---|---|---|---|
Line 8: | Line 8: | ||
A list of the most common security issues and how to avoid them can be found on this page. A short summary: | A list of the most common security issues and how to avoid them can be found on this page. A short summary: | ||
* Cross Site Scripting (XSS) -- inserts malicious code into website to manipulate site in browser of user | * Cross Site Scripting (XSS) -- inserts malicious code into website to manipulate site in browser of user | ||
- | * Cross Site Request Forgery (CSRF) -- tricks to let you self do unknowingly | + | * Cross Site Request Forgery (CSRF) -- tricks to let you self do unknowingly |
* Remote Code Inclusion -- includes code on server that's executed there | * Remote Code Inclusion -- includes code on server that's executed there | ||
- | * Information leaks -- there is too much information | + | * Information leaks -- there is too much information |
* SQL injection -- one can do unwanted requests on your data | * SQL injection -- one can do unwanted requests on your data | ||
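Review bot: In the CSRF bullet, the visible wording on the new side still reads "tricks to let you self do unknowingly", which is hard to parse in a summary that readers skim. Suggest making the subject and the action explicit, for example "tricks you into unknowingly performing an action yourself". The SQL injection bullet in the trailing context ("one can do unwanted requests on your data") would benefit from the same treatment.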
Line 199: | Line 199: | ||
</ | </ | ||
- | What the user's browser | + | What will the user's browser do then? |
The browser will process this image as any other and will send a request to this URL. Your plugin will then see that $_GET[' | The browser will process this image as any other and will send a request to this URL. Your plugin will then see that $_GET[' |
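Review bot: The answer line directly under the corrected question, "The browser will process this image as any other", is missing a word and was left untouched by this grammar pass. Suggest "The browser will process this image like any other" so the question and its answer read consistently.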
devel/security.txt · Last modified: 2023-08-14 13:41 by Klap-in