View Single Post
Old 29th May 2013, 09:38
Ben Ben is offline
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts

Originally Posted by remy74 View Post
Yes, we knows that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that all is conform for ISPConfig and the security.
Good to read. If there is code ready, just provide a link where to look at it.

@Falko / Till: There isn't a kind of security best practices in context of ISPConfig3 module development, so that not every interested developer needs to read all the OWASP stuff totally as probably some of those issues are solve by helper functions. So the dev' "just" needs to unterstand the issue and why to use such helpers.
Reply With Quote