The downloadable version of this document is located here:
http://techrepublic.com.com/5138-3513-5899557.html
How often is user input validation left out of the specs you work with? Do you make it a point to address that shortcoming?
This is a very important aspect of the specs and should not be ignored.
my own specs, and I never leave input validation out.
All user input is validated for the content type expected.
No user input is run as script.
(Code tag any user input on validating if it contains scripting data.)
All input also has a session key tied to the validation; if no valid session key, then the input is rejected.
(Helps keep cross-site scripting vulnerabilities and errors down.)
Why anyone hasn't set up their own sanitisation functions that they use automatically in today's environment is beyond me.
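The three checks listed in the post above (session key, expected content type, never run as script), sketched as one reusable function. This is an added example, not part of the original thread: it assumes the "session key" is an HMAC of the session id under a server secret, and the function names and field types are hypothetical.

```python
import hashlib
import hmac
import html
import re

SERVER_SECRET = b"constructed-demo-secret"  # constructed; load from protected config in practice

# Allow-list validators, one per expected content type (hypothetical field types).
VALIDATORS = {
    "integer": re.compile(r"[0-9]{1,9}"),
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "comment": re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]{1,500}"),
}


def issue_session_key(session_id: str) -> str:
    """Derive the key the server embeds in forms for this session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def accept_input(session_id: str, session_key: str, expected_type: str, value: str) -> str:
    """Return the value encoded for HTML output, or raise ValueError if rejected."""
    # 1. Reject input that does not carry a valid key for this session.
    expected_key = issue_session_key(session_id)
    if not hmac.compare_digest(expected_key.encode(), session_key.encode()):
        raise ValueError("invalid session key")
    # 2. Validate against the content type expected for this field.
    pattern = VALIDATORS.get(expected_type)
    if pattern is None or not pattern.fullmatch(value):
        raise ValueError("value does not match expected type " + expected_type)
    # 3. Encode so the browser renders the value as text and never runs it as script.
    return html.escape(value, quote=True)


def try_accept(session_id, session_key, expected_type, value):
    """Helper for the demo: return (accepted, result_or_reason)."""
    try:
        return True, accept_input(session_id, session_key, expected_type, value)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    sid = "sess-1234"  # constructed sample session id
    key = issue_session_key(sid)
    print(try_accept(sid, key, "integer", "42abc"))
    print(try_accept(sid, key, "comment", "<script>alert(1)</script>"))
    print(try_accept(sid, "0" * 64, "comment", "hello"))
```

The escaping in step 3 is for values placed in HTML element content or quoted attributes; other output contexts need their own encoder.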