Posted by steve.high on 06/19/06 15:04
Argh. The intent of my reply was lost due to lack of caffeine. Now
that I've had a few cups, let me rephrase:
You might want to consider validating before you post IN ADDITION TO
validating once the request hits the server. You should always try to
pre-format requests to your server whenever possible (unless the
overhead is too expensive or you might reveal some sort of algorithm or
data format you wish to keep secret)...WHILST KEEPING IN MIND that once
on the server, you should never trust the request until the appropriate
security measures have been taken.
Thank you for forcing me to clarify. I shall never post again until I
am certain my stimulant level is appropriate.
Cheers,
Gordon Burditt wrote:
> >You might want to consider validating your inputs before submitting to
> >the server.
>
> Validating inputs ONLY before submitting to the server is
> worse than no validation at all. In this case, the attacker
> gets to do his own validation.
>
> Gordon L. Burditt
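The point both posters are making is that browser-side validation is a convenience for the user, while the server must re-validate every request because the client check can simply be skipped. Below is an added example, not code from either poster, sketching that arrangement in JavaScript: one rule set, run once in the browser for fast feedback and again on the server, which parses and validates the raw body unconditionally. The field names (`email`, `quantity`) and their limits are made up for illustration.

```javascript
// Added example (not from the thread): the same validation rules applied
// twice, once in the browser for fast feedback and once on the server,
// which never trusts the request. Field names and limits are invented.

// Rules shared by both sides. Keeping them identical avoids the client
// accepting input the server will reject, and vice versa.
const RULES = {
  email: (v) =>
    typeof v === "string" &&
    v.length <= 254 &&
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  quantity: (v) => Number.isInteger(v) && v >= 1 && v <= 99,
};

// Returns the names of fields that fail validation (empty list = valid).
// Unknown fields are errors too: the server should only act on what it knows.
function validate(fields) {
  const errors = [];
  for (const [name, check] of Object.entries(RULES)) {
    if (!check(fields[name])) errors.push(name);
  }
  for (const name of Object.keys(fields)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) errors.push(name);
  }
  return errors;
}

// Client side: run before submit so the user gets immediate feedback.
// This is a convenience only; anything here can be skipped by a client
// that talks to the server directly, so it carries no security weight.
function clientPrecheck(fields) {
  const errors = validate(fields);
  return { ok: errors.length === 0, errors };
}

// Server side: parse the raw body and validate again, unconditionally.
// Returns an HTTP-style status plus either the accepted order or the errors.
function handleOrderRequest(rawBody) {
  let fields;
  try {
    fields = JSON.parse(rawBody);
  } catch {
    return { status: 400, errors: ["body"] };
  }
  if (fields === null || typeof fields !== "object" || Array.isArray(fields)) {
    return { status: 400, errors: ["body"] };
  }
  const errors = validate(fields);
  if (errors.length > 0) return { status: 400, errors };
  // Only the validated fields are copied forward; nothing else from the
  // request reaches the application logic.
  return { status: 200, order: { email: fields.email, quantity: fields.quantity } };
}

// Constructed sample requests (not captured traffic).
// 1. Normal path: the browser pre-checks, then submits.
const good = { email: "user@example.com", quantity: 2 };
// 2. A request that never went through the browser check: out-of-range
//    quantity and an extra field the form never had.
const bypassed = JSON.stringify({ email: "user@example.com", quantity: 1000, admin: true });

console.log(clientPrecheck(good));                       // { ok: true, errors: [] }
console.log(handleOrderRequest(JSON.stringify(good)));   // status 200
console.log(handleOrderRequest(bypassed));               // status 400, errors: quantity, admin
```

The client-side check only reports what the server would reject anyway, so it reveals nothing the server would not reveal in its own error response; if a rule must stay private (the "algorithm or data format you wish to keep secret" caveat above), leave it out of the shared rule set and enforce it on the server alone.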