I wanted to start a list of common web security threats. Below are two basic ones I know of. Share any you know!
The super long string. If you ever create a forum and someone makes a post with AAAAAAA a thousand times it expands your page and never wraps the word. Solution: Have your code check the length of each word and cut it when it is long. PHP has a function called wordwrap, but cuts every Nth character regardless if spaces already exist.
Submitting of DHTML. When your page displays someone that submitted DHTML it can change the look, redirect, and create popups. Solutions: Remove DHTML entities before you display the message. For PHP you can use htmlentities function.
Ok that first one isnt really a security threat. The second on is and its called a XSS Attack (Cross Site Scripting) not a DHTML attack.
Been done. http://www.phpbuilder.com/board/showthread.php?s=&threadid=10253310 http://www.phpbuilder.com/board/showthread.php?s=&threadid=10266519 http://www.sklar.com/page/article/owasp-top-ten (OWASP Top 10 as applied to PHP)
I should of looked first. Of course someone would have done this topic before.
