March 29, 20214 yr Stiglo pismo/molba/zahtjev na PHP internals: Reveal hidden contents We are building a website using CodeIgniter3 & are very much security conscious & believe we have a brilliant idea. If PHP does not follow up with this idea, then undoubtedly Microsoft and or Google will do just that. So let us share the idea with PHP first & before the other 2 giants, that is if PHP ignores this message. We intend to notify those 2 giants after 7 days if PHP does not respond to this message & after 30 days if PHP does respond but demonstrates no interest in pursuing the matter further. PHP should make the Internet a much safer place to browse & to conduct business. PHP has the basic facility but does not appear to be interested in achieving a safe Internet. There should be a central database that stores Face Recognition & Fingerprint Data where if a person joins a PHP website, and maybe other sites, there can be a search if the User has an existing database entry and then report to the website holder as to any adversities. The website holder can then decide whether to proceed with or without conditions and may even create its own database. The website should also have the facility to enable Javascript, HTML, CSS and any other App within the User's browser, to ensure that nothing has been tampered with. Of course there must be a prior warning before that can take place. Once the User is registered in either the base database and or the website database, then he/she can produce a face image & fingerprints each time of logging in and or making a valuable transaction, to identify oneself before proceeding further, that is if the website permits such activity with that person. While we do understand that CodeIgniter does eliminate SQL Injection into a url, we are not so confident if there is any elimination for injecting into a text box or text area. In our project we do have some Javascript & HTML restrictions and then proceed with form_validation to ensure compliance backend. However, we need a more sophisticated system than form_validation and although we have attempted to test callback it does fall short of being sufficient for our intention. When a form_validation is triggered, excepting "required" in the event of no data entered, we will want the User's account to be immediately suspended & the offending data recorded in the Admin section together with User ID & Username & a message sent to the User. Within 24 hours we will need to decide on the fate of the User. PHP maybe thinking why they should get involved in such high level security & feel that it should be left to the security professionals. Let us say that it is the "open" environment that PHP, & others, have created that causes theft & corruption via the Internet therefore PHP & others have an obligation to close that opening. Edited March 29, 20214 yr by Tpojka
Create an account or sign in to comment