Comments feed for the blog "Jackwillk Security" (Jack Kowalsky, http://www.blogger.com/profile/04395299413325980077), feed updated 2021-12-17. The 16 comments below are listed oldest first.

Michael Coates (2010-06-23T14:00:02-04:00):

Jack,

This looks like it will be an interesting series. Good first item to tackle - ESAPI PHP. One thing I'd be interested in finding out is the status of the ESAPI PHP project. I originally had thought that it was sort of on hold / had stalled. But based on this post it sounds like it is alive and well.

Also, you may want to offer a download link for all of your source code so people can easily grab it all at once to follow along at home.

Nice first post.

Patrick (2010-06-24T04:41:22-04:00):

Good choice for a first post. These pragmatic, quick-win type case studies can really help drive adoption of all the ESAPI projects. I'm looking forward to the rest of the series.

Also, while you're putting this together make sure that you're planning a conference talk in the back of your head. A few more thoughtful posts and you'll find that you know more about this little corner of infosec than 95% of folks out there. ;)

~PST
@coffeetocode

Andrew van der Stock (2010-06-24T07:10:23-04:00):

Michael,

it's very much alive. I'm out of the picture at the moment with fairly terrible family problems, but I will return once that is settled. Mike B is doing a fantastic job.

Andrew

BrianLim (2010-06-24T12:59:25-04:00):

Hi,

Thanks for the post. Just starting CodeIgniter and dealing with various security issues such as character encoding, null bytes, UTF-8, buffer overflow of vulnerable PHP extensions, multibyte strings, and so on. CodeIgniter already has an active record class so queries are already escaped, but encoding is proving to be a big headache.

Hopefully you continue this series, so people like me can figure out how to harden their PHP applications without reinventing the wheel ;). I'm hoping ESAPI will be the panacea to my woes.

David Rook (2010-06-24T17:20:50-04:00):

Excellent first post Jack, well done!

Looking forward to the rest of this series and your future blog posts!

David Rook
Security Ninja
@securityninja

Jack Kowalsky (2010-06-25T10:09:14-04:00):

Michael,
Thanks for the input. I updated the post with a link to the source code.

ESAPI PHP still seemed to be pretty active, even though the mailing list traffic has died down a bit. I saw commits as recently as about a month ago, so it seems there are still people working on it. It's a very cool project.

Jack Kowalsky (2010-06-25T10:10:59-04:00):

Hey Patrick,
Thanks for the kind words! I always gravitate towards examples like this when I'm learning something new, so I hope this series will help some people decide to use ESAPI.

Jack Kowalsky (2010-06-25T10:13:08-04:00):

Hey Brian,
I have definitely reinvented the wheel a few times when it comes to this sort of thing, and not nearly as well :)

It's cool to find a project like this that makes all this a lot simpler.

Jack Kowalsky (2010-06-25T10:24:11-04:00):

Hey David,
Thanks! Everyone has David to thank or blame for this blog because of the @infosecmentors program.

Marisa Fagan (2010-07-02T01:58:09-04:00):

Great first post! Very easy to follow :) Looking forward to the series.

Brian (2010-07-16T10:52:57-04:00):

Hi, can you talk about the encoder object next?
There is almost enough here between the three tutorials to begin using in a production environment, but I would like to see a custom encoder which only accepts UTF-8 and the entire process of taking data from $_POST, canonicalizing, validating, sanitizing, inserting it into a database, retrieving it from the database then outputting it in one fell swoop.

By the way, great tutorials so far.

Anonymous (2010-07-17T10:16:00-04:00):

Seems to be it is going to be a great series even for newbies like me.

I had a problem with comments. They just don't show up on the main page and in the DB the comment's content_id is always 0. What can cause this?

Jack Kowalsky (2010-07-20T17:11:54-04:00):

Thanks! I'm actually not sure off hand why content id would be going in as zero, but I will take a look tonight at the week one code and see if there is a mistake. If so, I'll repost the file and make a note here.

Jack Kowalsky (2010-07-20T17:14:04-04:00):

Hi Brian,
There's a little bit more work to do in the series, but I believe the place we're going to end up is pretty close to what we're asking. I think that customizing the encoder might be a bit out of scope for this series, but the internal phpdocs are actually pretty easy to follow and there are some functions that come pretty close to what you're looking for.

Anonymous (2010-09-12T14:58:38-04:00):

Great topic, Jack. And a wonderful first post, looking forward to the rest of this series.

tnx for sharing!

Dave

Jack Kowalsky (2010-09-16T05:34:49-04:00):

Dave,
Thank you for the kind words! The rest of the series is up now.

Thanks,
Jack