In nearly all secure programs, your first line of defense is to check every piece of data you receive. If you can keep malicious data from entering your program, or at least keep it from being processed, your program becomes much harder to attack. This article shows how to validate input — one of the first lines of defense in any secure program.
Secure Programmer: Validating Input
2003-11-03 General Development 4 Comments
Does anyone know of a good all-around PHP form validator? Preferably one that can verify SSNs, credit cards, phone numbers, passport numbers, zip codes, etc…
This is well and good for web applications implemented in Perl/PHP, I suppose, but does little for those working with binary protocols, especially in a lower-level language like C.
What this article mainly does is give food for thought. I think the most important thing the author said was to screen for valid input rather than trying to reject invalid input.
I think the most important thing the author said was to screen for valid input rather than trying to reject invalid input.
This is where binary protocols are advantageous. Because input validation becomes largely numerical, the difference between these two can become simply reversing the branch condition.
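The allowlist-versus-denylist point raised in the comments above, applied to a binary message header in C. This is an added example, not code from the article or from any commenter; the wire format, limits, function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format (an assumption, constructed for this example):
 * byte 0 version (only 1 defined), byte 1 type (1..3 defined),
 * bytes 2-3 payload length big-endian, bytes 4.. payload. */
enum { HDR_LEN = 4, MAX_PAYLOAD = 512, TYPE_MIN = 1, TYPE_MAX = 3 };
typedef enum { MSG_OK = 0, MSG_SHORT, MSG_VERSION, MSG_TYPE, MSG_LENGTH } msg_status;
typedef struct { uint8_t type; uint16_t payload_len; const uint8_t *payload; } msg_view;

/* Denylist form: rejects the one value known to be bad (0), so the
 * undefined types 4..255 pass. */
int type_ok_denylist(uint8_t t) { return t != 0; }

/* Allowlist form: accepts only the defined range; everything else fails. */
int type_ok_allowlist(uint8_t t) { return t >= TYPE_MIN && t <= TYPE_MAX; }

/* Validate every header field against what the format defines before
 * exposing the payload to the rest of the program. */
msg_status msg_parse(const uint8_t *buf, size_t len, msg_view *out)
{
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return MSG_SHORT;
    if (buf[0] != 1)
        return MSG_VERSION;
    if (!type_ok_allowlist(buf[1]))
        return MSG_TYPE;
    uint16_t declared = (uint16_t)((buf[2] << 8) | buf[3]);
    /* The declared length must respect the limit and match the bytes
     * actually received; len - HDR_LEN cannot underflow here. */
    if (declared > MAX_PAYLOAD || (size_t)declared != len - HDR_LEN)
        return MSG_LENGTH;
    out->type = buf[1];
    out->payload_len = declared;
    out->payload = buf + HDR_LEN;
    return MSG_OK;
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[]      = { 1, 2, 0, 3, 'a', 'b', 'c' };
static const uint8_t sample_badtype[] = { 1, 9, 0, 0 };
static const uint8_t sample_lenlie[]  = { 1, 2, 0xFF, 0xFF, 'a' };

int main(void)
{
    msg_view v;
    printf("ok=%d badtype=%d lenlie=%d\n",
           (int)msg_parse(sample_ok, sizeof sample_ok, &v),
           (int)msg_parse(sample_badtype, sizeof sample_badtype, &v),
           (int)msg_parse(sample_lenlie, sizeof sample_lenlie, &v));
    return 0;
}
```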