indeedle » sanatise http://indeedle.com blogging the indeedle way Tue, 27 Jul 2010 02:41:06 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Trust Nobodyhttp://indeedle.com/blog/2010/01/16/trust-nobody/ http://indeedle.com/blog/2010/01/16/trust-nobody/#comments Sat, 16 Jan 2010 04:22:38 +0000 Cody http://indeedle.com/?p=71 One important lesson when developing applications (I’m focusing on websites here, but this applies to all types of applications) is to ditch user trust.

In a nut shell, do not trust any input you receive from a user. Seriously, do not assume it is clean and good, treat all user input (whether it be cookies, text from a text box or something else) as potentially dangerous. Check it, filter it, escape it.

Never let input from a user go straight into your database or on to a page without it being filtered. If you let it straight into the database you leave yourself open to SQL Injections and other attacks.

This is why you should clean up all input. (Click for bigger version)

Keep that in mind when you are developing an application, any and all user input needs to be checked out, torn to pieces, ripped apart, put back together before being considered safe.

© 2008 - 2010 for indeedle. All rights are reserved. | For more information please visit indeedle. | Permalink.

]]> http://indeedle.com/blog/2010/01/16/trust-nobody/feed/ 2