Posted by Peter Fox on 11/04/05 12:32
Following on from Chung Leong's message. . .
>Gordon Burditt wrote:
>> I'll strongly disagree with this one. If an input should be a
>> number, and it's not, you should generate an error message (and
>> possibly log a tampering attempt), not process the input as though
>> it were zero or something else. Fixing an over-long string by
>> chopping it has potential for causing more (security and other)
>> problems than it fixes. Chances are a numeric input should be
>> checked against an application-specific range of allowable values
>> also.
>
>You misunderstood me. I said you shouldn't rely on validation for
>security purposes. I didn't say don't do validation. My point is that
>input validation is a functional requirement and not a security
>measure. You do it so that you can, as you said, tell the user he did
>something wrong. You don't want to rely on it, at the same time, to
>protect your code downstream.
>
Input validation is a great asset to security because it simplifies the
inputs that the security has to field. Any typed input is going to have
typing errors or the user has misunderstood what goes where so when
unexpected input arrives it is best _in the first instance_ to deal with
these as an interface matter not as a security issue.
But /then/ there are two matters (one for the programmer, one for the
designer) which are 'Is this a bit of bent wire being used to pick the
lock?' and 'Is this key in the right hands?' Neither should be assumed.
I like to weed out ununderstood data as soon as possible and protect
(say) the database as close to the database as possible. In the first
case it is the meaning and structure I'm interested in, in the second
it is the particular threats to (say) SQL injection that I'm addressing
and I couldn't care if the (say) string is 1 or 1000 characters long -
just so as it can't do naughty things by accident or design.
Below the raw input validation is logic such as they say they want 5
starters, 5 main courses and 50 sweets - odd! (So how did that happen -
could be a bug or misunderstanding problem rather than malicious.)
--
PETER FOX Not the same since the poster business went to the wall
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
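
The layering described in the post above, as an added example that is not part of the original message: interface validation that rejects and reports, a plausibility check on well-formed values, and a database layer that relies on bound parameters rather than on upstream validation. The field names, the 0-500 range, the 3x plausibility threshold and the `notes` table are all assumptions made for illustration.

```python
import sqlite3

COURSES = ("starters", "mains", "sweets")  # field names assumed for this example
MAX_PER_COURSE = 500                       # application-specific range (assumed)

def parse_order(form):
    """Interface layer: check meaning and structure, report mistakes to the user."""
    order, errors = {}, []
    for name in COURSES:
        raw = form.get(name, "").strip()
        if not (raw.isascii() and raw.isdigit() and len(raw) <= 4):
            errors.append(f"{name}: expected a whole number, got {raw[:20]!r}")
        elif int(raw) > MAX_PER_COURSE:
            errors.append(f"{name}: {raw} is outside 0-{MAX_PER_COURSE}")
        else:
            order[name] = int(raw)
    # Reject rather than coerce: bad input is never treated as zero or chopped.
    return (None, errors) if errors else (order, errors)

def plausibility_warnings(order):
    """Logic below raw validation: well-formed numbers that still look odd."""
    counts = [order[c] for c in COURSES]
    if max(counts) > 3 * max(min(counts), 1):   # threshold is an assumption
        return [f"course counts differ widely: {order}"]
    return []

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (customer TEXT, note TEXT)")
    return db

def save_note(db, customer, note):
    """Database layer: bound parameters, so string length and content are irrelevant."""
    db.execute("INSERT INTO notes (customer, note) VALUES (?, ?)", (customer, note))

def notes_for(db, customer):
    rows = db.execute("SELECT note FROM notes WHERE customer = ?", (customer,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    order, errors = parse_order({"starters": "5", "mains": "5", "sweets": "50"})
    print(order, errors, plausibility_warnings(order))
    db = make_db()
    save_note(db, "fox", "no nuts'); DROP TABLE notes; --" + "x" * 1000)  # constructed
    print(len(notes_for(db, "fox")[0]))
```

The database functions never look at what the interface layer decided, so they stay safe even if a caller skips `parse_order` entirely.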