If JError isn't up to this task, we should use $mainframe->close().
Handling input from a URI query is very easy in Joomla!, and data type casting
alone gives us a massive amount of protection against security flaws. We should
remember that we can use the JRequest alias methods to easily cast an input value.
Taking input value preprocessing one step further, we can use regular expressions
(REs) to ensure that data is in the expected format. Remember that we can also use
REs to retrieve certain parts from a data pattern. This is especially useful if one
input value contains multiple pieces of data.
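The following is an added example, not code from the original text, showing an RE that both validates one input value and retrieves its parts. The `<id>:<alias>` format, the function name `parseItemRef()` and the sample values are assumptions made for illustration; in a Joomla! component the raw value would come from a JRequest method such as `JRequest::getString()`.

```php
<?php
// Added example: validate a compound query value and extract its parts.
// Assumed format: "<id>:<alias>", for instance "42:annual-report".

/**
 * Returns array('id' => int, 'alias' => string), or null when the
 * value does not match the expected pattern exactly.
 */
function parseItemRef($raw)
{
    // A query such as ?item[]=1 yields an array; reject anything but a string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole string. Unlike $, \z does not accept a
    // trailing newline. The id is limited to 9 digits so the cast cannot
    // overflow a 32-bit integer, and leading zeros are not allowed.
    $pattern = '/\A([1-9][0-9]{0,8}):([a-z0-9]+(?:-[a-z0-9]+)*)\z/';
    if (!preg_match($pattern, $raw, $matches)) {
        return null;
    }
    if (strlen($matches[2]) > 64) {
        return null; // arbitrary length limit chosen for this example
    }
    // Cast the numeric part so later code only ever sees an integer.
    return array('id' => (int) $matches[1], 'alias' => $matches[2]);
}

// Constructed sample inputs: one valid value, then values that must fail.
$samples = array(
    '42:annual-report',   // valid
    "42:annual-report\n", // trailing newline, would pass with $ instead of \z
    '42:Annual Report',   // upper case and space are outside the pattern
    '0042:report',        // leading zeros
    '42:<b>report</b>',   // markup characters
    array('42:report'),   // array instead of a string
);

foreach ($samples as $raw) {
    $ref   = parseItemRef($raw);
    $label = is_array($raw) ? '(array)' : json_encode($raw);
    if ($ref === null) {
        echo $label, " => rejected\n";
    } else {
        // Escape on output even though the pattern is already restrictive.
        $alias = htmlspecialchars($ref['alias'], ENT_QUOTES, 'UTF-8');
        echo $label, ' => id=', $ref['id'], ' alias=', $alias, "\n";
    }
}
```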
When we deal with sensitive data we can restrict user access using the Joomla!
GACL access control implementation. When we are creating components using the
MVC architecture, we can use the controller to check for authorization.
Attackers are very resourceful and will go to great lengths to discover and exploit
security flaws. Remember to always sanitize incoming data and escape outgoing
data. Joomla! and PHP provide us with a plethora of utilities that, if used correctly,
can ensure that our extensions are as secure as possible.