Home > General Development > Secure Programmer: Validating Input

Secure Programmer: Validating Input

General Development 4 Comments

In nearly all secure programs, your first line of defense is to check every piece of data you receive. If you can keep malicious data from entering your program, or at least keep it from being processed, your program becomes much harder to attack. This article shows how to validate input — one of the first lines of defense in any secure program.

About The Author

Eugenia Loli

Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

Follow me on Twitter @EugeniaLoli

4 Comments

  1. 2003-11-03 6:58 pm
    Anonymous

    does anyone know of a good all around php form validator? preferably one that can verify ssn’s, credit cards, phone numbers, passport numbers, zip codes, etc…

  2. 2003-11-03 8:12 pm
    Anonymous

    This is well-and-good for web applications implemented in Perl/PHP, I suppose, but does little for those working with binary protocols, especially in a lower level language like C.

  3. 2003-11-03 11:15 pm
    Anonymous

    What this article mainly does is give food for thought. I think the most important thing the author said was to screen for valid input rather than trying to reject invalid input.

  4. 2003-11-04 1:55 am
    Anonymous

    I think the most important thing the author said was to screen for valid input rather than trying to reject invalid input.

    This is where binary protocols are advantageous. Because input validation becomes largely numerical, the difference between these two can become simply reversing the branch condition.