httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vadim N. Lyalikov" <vadim-lyali...@yandex.ru>
Subject [users@httpd] Re: [OBORONA-SPAM] Re: [users@httpd] Re: [OBORONA-SPAM] RE: [users@httpd] escaped input mod_rewrite
Date Tue, 02 Nov 2004 21:33:47 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Joshua Slive write:<br>
<blockquote type="cite"
 cite="mide498c16604110213115400d7c5@mail.gmail.com"><!----><br>
  <pre wrap="">Have your app do its own encoding/escaping that replaces anything
dangerous.  Something like base-64 encoding or the like would probably
be easy and safe.
...
Joshua.

  </pre>
</blockquote>
I'll be glad to do smth like base-64, but these url would not be human
friendly. And may be nor search engine friendly. I think that keywords
(cake names ...) give some points, when searched by spider.<br>
It seems, that much less difficult and as SEF as base-64 encoding is
the standard way:<br>
move<br>
&nbsp;&nbsp;&nbsp; ...blah.php?var1=val1&amp;var2=val2<br>
to<br>
&nbsp;&nbsp;&nbsp; ...blah/var1/val1/var2/val2/<br>
and may be this is only appropriate way to work with "arbitrary
strings". Exactly, no way. With strings. Only numbers.<br>
Vadim.<br>
</body>
</html>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message