Validating Input For A Secure Program

Share:    

In web development, the first thing to be done is to check every piece of data received

. A software process must always make sure that the input is in the expected form. Avoiding the entry of any malicious data will ensure a high data quality level. This article frames the techniques of validating an input to secure programs.

Validating the Input

Check every data received.

Avoid unsecure data"s to protect the program from attacks.

Checking to be done at the beginning as well as later while using data.

Checking Incorrect Input

Checking for illegal data values are the biggest mistakes, as attackers might use another data value.

Data must match the definition, otherwise reject it.

Match the input to a certain pattern; reject the inputs that do not follow that pattern.

Avoid dangerous values.

Expected data for the web development (UK) process are discussed below:

Numbers:

Here, the data is in number format. Digits can be checked using the regular expression ^[0-9]+$). In most cases there will be a minimum as well as a maximum value, to check whether the number is inside its legal range.

In web development (UK), the lack of minus sign doesn"t mean that there are no negative numbers. The presence of excessively large number in many number-reading routines will result in the rolling over of the value into a negative number. Developers" neglecting this enables attackers to overwrite critically important data.

In the case of floating point number, the normal checking routines, allow values such as "NaN" (not a number). This creates confusion later, as NaN is not equal to NaN!.

Strings:

Regular expressions are the tools that describe legal string values in case of web development (UK). The string that doesn"t match the pattern is rejected. An example is the expression ^[A-Za-z0-9]+$ that specifies that the string must be at least one character long and that it can only include upper-case letters, lower-case letters, and the digits 0 through 9 (in any order).

While using regular expressions, symbolize the beginning with ^ and end with $. Otherwise illegal data would be inserted by the attacker into the text. These symbols might vary.

The characters that can cause trouble are:

Characters with values less than 32

Includes character 0, traditionally called NUL.

It is confused with C's NULL pointer

The line ending characters can be interpreted as command endings.

Characters with values higher than 127

Often used for international characters.

Care should be taken while interpreting them, as they have many possible meanings.

They are mostly UTF-8 encoded characters with their own complications.

Metacharacters

These characters have special meanings to programs or libraries.

Characters with special meaning in the program

They are mainly characters used as delimiters. Some programs use commas, tabs, or colons; to separate the data fields in the data files. Those values must be encoded in the data. The most common problem being faced today is the less-than sign (

by: jakson

POST COMMENT

A Tourist's Guide to Altea All You Need To Know About Wedding Invitations – Tips On Choosing The Best Design Starting A Web Business Based Around Niche Marketing Tips for Choosing the Best Freshwater Aquarium Design Income Drawdown Calculators To Help You Work Out Retirement Income Hair Loss Remedies for Women - Female Hair Loss Treatment The franchise for today's economy is not a franchise anymore Wedding Planners Making Weddings A Wonderful Experience 2010 Mens Summer Fashion Facts about pawn wedding ring Tarzana How to Make Money With Article Marketing-5 Article Marketing Tips for Marketing Your Home Business Shopping Bebe Apparels Online In India Avoid Hassle When Sending Parcels During The Festive Period