httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vadim N. Lyalikov" <>
Subject [users@httpd] Re: [OBORONA-SPAM] Re: [users@httpd] Re: [OBORONA-SPAM] RE: [users@httpd] escaped input mod_rewrite
Date Tue, 02 Nov 2004 21:33:47 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<body text="#000000" bgcolor="#ffffff">
Joshua Slive write:<br>
<blockquote type="cite"
  <pre wrap="">Have your app do its own encoding/escaping that replaces anything
dangerous.  Something like base-64 encoding or the like would probably
be easy and safe.

I'll be glad to do smth like base-64, but these url would not be human
friendly. And may be nor search engine friendly. I think that keywords
(cake names ...) give some points, when searched by spider.<br>
It seems, that much less difficult and as SEF as base-64 encoding is
the standard way:<br>
&nbsp;&nbsp;&nbsp; ...blah.php?var1=val1&amp;var2=val2<br>
&nbsp;&nbsp;&nbsp; ...blah/var1/val1/var2/val2/<br>
and may be this is only appropriate way to work with "arbitrary
strings". Exactly, no way. With strings. Only numbers.<br>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message