
List:       kde-core-devel
Subject:    Re: A more hands on review process
From:       "Richard Moore" <richmoore44 () gmail ! com>
Date:       2008-08-01 10:37:59
Message-ID: 5491a5150808010337k302613ecmdbb7eddc41f1159e () mail ! gmail ! com

On 7/31/08, Stephen Kelly <steveire@gmail.com> wrote:
> Security
> * The application / library has no obvious security flaws.
> * Network accessing protocols
> * html entities ('<', '>', "'", '"', '?') are encoded

For HTML you should quote '<', '>', '"' and '&'. The others are not required.

All places where the application launches external programs should be checked.

Any SQL queries processing untrusted data should be checked.

Cheers

Rich.
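
Added example, not part of the original message or of any KDE code: a single-pass escaper for the four characters named in the reply, used for both element text and an attribute value. The function names `escapeHtml` and `spanWithTitle` are hypothetical, the sample strings are constructed, and the example assumes attribute values are always written inside double quotes.

```cpp
#include <iostream>
#include <string>

// Escape the four characters named in the reply above: '<', '>', '"' and '&'.
// The input is walked once, so an '&' produced by one replacement is never
// escaped a second time.
std::string escapeHtml(const std::string &in)
{
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
        case '&': out += "&amp;";  break;
        case '<': out += "&lt;";   break;
        case '>': out += "&gt;";   break;
        case '"': out += "&quot;"; break;
        default:  out += c;        break;  // '?' and '\'' pass through unchanged
        }
    }
    return out;
}

// Assumption of this example: the attribute value is always wrapped in
// double quotes, which is why escaping '"' is enough to keep the value
// inside the attribute.
std::string spanWithTitle(const std::string &title, const std::string &text)
{
    return "<span title=\"" + escapeHtml(title) + "\">" + escapeHtml(text) + "</span>";
}

int main()
{
    // Constructed sample input, not taken from any real application.
    std::cout << escapeHtml("<b>Tom & \"Jerry\"</b>") << '\n';
    std::cout << spanWithTitle("say \"hi\"", "1 < 2") << '\n';
    // Text that is already escaped gets escaped again, so escape exactly
    // once, at the point where the HTML is generated.
    std::cout << escapeHtml("&lt;") << '\n';
    return 0;
}
```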