Originally Posted by remy74
Yes, we knows that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.
We try our best, but we will also need other "eyes" to be sure that all is conform for ISPConfig and the security.
Good to read. If there is code ready, just provide a link where to look at it.
@Falko / Till: There isn't a kind of security best practices in context of ISPConfig3 module development, so that not every interested developer needs to read all the OWASP stuff totally as probably some of those issues are solve by helper functions. So the dev' "just" needs to unterstand the issue and why to use such helpers.