Error Handling and Security
How to Avoid Common Attacks
The security flaws that we will investigate are some of the most likely to be exploited
because they tend to be the easiest to carry out, and there is plenty of literature
explaining how to do so.
The attack types described here should not be considered a complete list. There
are many ways in which an attacker can attempt to exploit a system. If you are
concerned about attacks, you should consider hiring a security professional to help
evaluate security vulnerabilities in your extensions.
Using the Session Token
A session is created for every client that makes a request. Joomla! uses its own
implementation of sessions; integral to this is the JSession class. The session token,
also referred to as the 'token', is a random alphanumeric string that we can use to
validate requests made by a client. The token can change during a session.
Imagine that an attacker uses a utility to bombard a site with data; the data itself
may not be suspicious.
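As an added example (not code from the book), here is how the token is used in a Joomla! 1.5 component: the view embeds it as a hidden field and the controller refuses to save without it. The calls JHTML::_('form.token'), JRequest::checkToken() and jexit() are assumed to be Joomla! 1.5 framework API; com_example and the controller classes are hypothetical.

```php
<?php
// Added example: protecting a form handler in a Joomla! 1.5 component with
// the session token. Framework calls (JHTML 'form.token', JRequest::checkToken(),
// jexit()) are assumed Joomla! 1.5 API; com_example and the classes are hypothetical.
defined('_JEXEC') or die('Restricted access');

// --- View: emit the token as a hidden field in the form -------------------
// JHTML::_('form.token') renders <input type="hidden" name="<token>" value="1" />.
// The field *name* is the per-session token, so a request built without
// knowledge of the client's own session cannot supply it.
?>
<form action="index.php" method="post" name="adminForm">
    <input type="text" name="title" value="" />
    <input type="hidden" name="option" value="com_example" />
    <input type="hidden" name="task" value="save" />
    <?php echo JHTML::_('form.token'); ?>
    <input type="submit" value="Save" />
</form>
<?php

// --- Controller (before): saves whatever was posted ----------------------
// Nothing ties the request to the client's session, so any POST that reaches
// this task is accepted, whoever assembled it.
class ExampleControllerUnsafe extends JController
{
    function save()
    {
        $title = JRequest::getString('title');
        // ... persist $title ...
    }
}

// --- Controller (after): reject requests that lack the session token -----
class ExampleController extends JController
{
    function save()
    {
        // checkToken() looks in the POST data for a field named after the
        // current token. A missing or stale token ends the request before
        // any submitted data is used.
        JRequest::checkToken() or jexit('Invalid Token');

        $title = JRequest::getString('title');
        // ... persist $title ...
    }
}
```

Because the token can change during a session, forms should always render it with JHTML::_('form.token') at request time rather than caching the markup.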