Re: Proposal to secure $xoopsDB->query method

by nachenko on 2008/4/5 14:30:09

I think we're going out of scope.

We all know we have to make DB queries safer for future developments.

The problem is WHAT THE HELL we do to MAKE OLD MODULES SAFER. How can we secure all these unsafe Xoops modules that are not being updated to use our improvements in security?

xoopsDB->query method syntax must stay unchanged, as all modules use it. So how can we fight against malicious queries given the fact that there are so many Xoops modules out there that are not going to be updated to be more secure?

This is what my code snippet is about. But this code snippet is just an idea expressed in code. What can we do to improve it?