If you store a user’s User-Agent and use it again, make sure you scrub that data first.

[If you store anything, make sure you scrub it. Of course, this isn’t user-inputted data, it’s data that the server gets from the client’s browser.]

We were hacked? abused? today by a member who had javascript in place of his User Agent. A very clever hack. However, we have learned our lesson.

Here’s hoping you do, too.

Comments are closed.