Comments on: Getting with the mod_rewrite voodoo http://www.oneafrikan.com/archives/2006/07/31/getting-with-the-mod_rewrite-voodoo/ Share what you know, Learn what you don't. This is the evolution of one Afrikan. Fri, 09 Jan 2009 22:35:35 +0000 http://wordpress.org/?v=2.5.1 By: Gareth Knight http://www.oneafrikan.com/archives/2006/07/31/getting-with-the-mod_rewrite-voodoo/#comment-37771 Gareth Knight Thu, 03 Aug 2006 23:20:39 +0000 http://www.oneafrikan.com/archives/2006/07/31/getting-with-the-mod_rewrite-voodoo/#comment-37771 Yea yea yea... shecurity shmecurity! Just kidding!! Thanks for the heads up ;-) Just so you know, I am doing input validation... wouldn't do it any other way... Yea yea yea… shecurity shmecurity!

Just kidding!! Thanks for the heads up ;-) Just so you know, I am doing input validation… wouldn’t do it any other way…

]]> By: Daniel http://www.oneafrikan.com/archives/2006/07/31/getting-with-the-mod_rewrite-voodoo/#comment-37681 Daniel Mon, 31 Jul 2006 07:34:13 +0000 http://www.oneafrikan.com/archives/2006/07/31/getting-with-the-mod_rewrite-voodoo/#comment-37681 1st things 1st, Apache has a <a href="http://secunia.com/advisories/21197/" rel="nofollow">serious</a> vulnerability with mod_rewrite that allows attackers to execute code on your web server, so make sure you've updated your apache before you get r00ted. The one thing thats annoying us security peeps about Web 2.0 is that the SAME security mistakes are being made. Its like no-one has learnt anything from us poking holes in Web 1.0 and are hellbent on making the same mistakes. Take this "hiding" of query strings that everyone is being made to do with Web 2.0. Great, your making it look prettier but i'll bet my camera kit that the developer isnt doing the correct input validation on the user-supplied input being passed back to the server. On a daily basis now im still training developers on why this is a bad thing and im still getting that blank look. One day... 1st things 1st, Apache has a serious vulnerability with mod_rewrite that allows attackers to execute code on your web server, so make sure you’ve updated your apache before you get r00ted.

The one thing thats annoying us security peeps about Web 2.0 is that the SAME security mistakes are being made. Its like no-one has learnt anything from us poking holes in Web 1.0 and are hellbent on making the same mistakes.

Take this “hiding” of query strings that everyone is being made to do with Web 2.0. Great, your making it look prettier but i’ll bet my camera kit that the developer isnt doing the correct input validation on the user-supplied input being passed back to the server.

On a daily basis now im still training developers on why this is a bad thing and im still getting that blank look.

One day…

]]>