A reminder for developers

Security reminders and character encoding

Just thought it would be useful to post a reminder to developers that, as with any web application, you should be conscious of potential exploits and security vulnerabilities in your code. There is nothing intrinsically insecure about LTI, but the UIs built around it can be at risk if appropriate precautions are not taken. Some useful sites about potential exploits (e.g. SQL/XML injection) are:

I am sure there are many others - please post a reply with any you recommend.

I would also like to take this opportunity to note that any data passed in an LTI launch request should be encoded using UTF-8 (as required by OAuth). This is not clearly identified in the LTI specification, but we propose to rectify this in the future. I am not aware of any issues arising from this, so assume that everyone is already using UTF-8 anyway!
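
The following is an added example, not part of the original post: it shows why the UTF-8 requirement matters in practice, assuming the launch is signed with OAuth 1.0 HMAC-SHA1. A sender that percent-encodes a non-ASCII name as Latin-1 produces a signature that a UTF-8 receiver rejects. The URL, key, secret and parameter values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample launch; every value here is illustrative.
URL = "https://tool.example/launch"
SECRET = "constructed-secret"
PARAMS = {
    "lti_message_type": "basic-lti-launch-request",
    "resource_link_id": "rl-1",
    "lis_person_name_full": "Zo\u00eb M\u00fcller",
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "n-1",
    "oauth_timestamp": "1700000000",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}

def pct(value, charset="utf-8"):
    """Percent-encode per RFC 5849 3.6: text -> octets -> escape all but unreserved."""
    return quote(value.encode(charset), safe="-._~")

def signature_base_string(method, url, params, charset="utf-8"):
    # Encode names and values first, then sort the encoded pairs.
    pairs = sorted((pct(k, charset), pct(v, charset)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, secret, charset="utf-8"):
    key = pct(secret) + "&"  # no token secret in this flow
    base = signature_base_string(method, url, params, charset)
    mac = hmac.new(key.encode("ascii"), base.encode("ascii"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify(method, url, params, secret, supplied):
    """Receiver side: recompute with UTF-8 and compare in constant time."""
    return hmac.compare_digest(sign(method, url, params, secret), supplied)

if __name__ == "__main__":
    good = sign("POST", URL, PARAMS, SECRET)
    bad = sign("POST", URL, PARAMS, SECRET, charset="latin-1")
    print("UTF-8 sender accepted:  ", verify("POST", URL, PARAMS, SECRET, good))
    print("Latin-1 sender accepted:", verify("POST", URL, PARAMS, SECRET, bad))
```

A launch that fails verification only when a name or title contains accented characters is the typical symptom of this mismatch.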