Hi,
I am building a community type site. There isn't any overly sensitive info stored, but identity is of course a major concern and i would like the login-integrity to be pretty solid for that reason. Sessions have not been a peice of cake to say the least, but i'm getting them with only one nagging concern.
I have read on several sites that no form data should be allowed to be submitted without first having anything questionable parsed out. My problem is that i am not a hacker, and have no clue what exactly should or shouldn't be allowed in. My site is stored on an ISP's box, and i have never been the physical administrator of a server, so I am clueless as to what commands could be submitted to physically alter or damage things. Any thoughts, or pointers to material, on such things?
