Validating Input For A Secure Program
In web development, the first thing to be done is to check every piece of data received
. A software process must always make sure that the input is in the expected form. Avoiding the entry of any malicious data will ensure a high data quality level. This article frames the techniques of validating an input to secure programs.
Validating the Input
Check every data received.
Avoid unsecure data"s to protect the program from attacks.
Checking to be done at the beginning as well as later while using data.
Checking Incorrect Input
Checking for illegal data values are the biggest mistakes, as attackers might use another data value.
Data must match the definition, otherwise reject it.
Match the input to a certain pattern; reject the inputs that do not follow that pattern.
Avoid dangerous values.
Expected data for the web development (UK) process are discussed below:
Numbers:
Here, the data is in number format. Digits can be checked using the regular expression ^[0-9]+$). In most cases there will be a minimum as well as a maximum value, to check whether the number is inside its legal range.
In web development (UK), the lack of minus sign doesn"t mean that there are no negative numbers. The presence of excessively large number in many number-reading routines will result in the rolling over of the value into a negative number. Developers" neglecting this enables attackers to overwrite critically important data.
In the case of floating point number, the normal checking routines, allow values such as "NaN" (not a number). This creates confusion later, as NaN is not equal to NaN!.
Strings:
Regular expressions are the tools that describe legal string values in case of web development (UK). The string that doesn"t match the pattern is rejected. An example is the expression ^[A-Za-z0-9]+$ that specifies that the string must be at least one character long and that it can only include upper-case letters, lower-case letters, and the digits 0 through 9 (in any order).
While using regular expressions, symbolize the beginning with ^ and end with $. Otherwise illegal data would be inserted by the attacker into the text. These symbols might vary.
The characters that can cause trouble are:
Characters with values less than 32
Includes character 0, traditionally called NUL.
It is confused with C's NULL pointer
The line ending characters can be interpreted as command endings.
Characters with values higher than 127
Often used for international characters.
Care should be taken while interpreting them, as they have many possible meanings.
They are mostly UTF-8 encoded characters with their own complications.
Metacharacters
These characters have special meanings to programs or libraries.
Characters with special meaning in the program
They are mainly characters used as delimiters. Some programs use commas, tabs, or colons; to separate the data fields in the data files. Those values must be encoded in the data. The most common problem being faced today is the less-than sign (
by: jakson
Abuse: Five Signs That You Are Dating An Abusive Man What If You Are Not Really Over Your Former Girlfriend? How To Make A Dating Profile To Date With People My Boyfriend Left - Why Men Leave A Relationship Your Ex Girlfriend - Should You Try To Get Over Her Or What? How Do I Patch Things Up With My Ex Girlfriend? Some Advice On What You Can Do Is Your Ex Girlfriend Giving You The Silent Treatment? This Is What You Need To Do 6 Questions You Should Ask Your Girlfriend Dating Tips - Making A Excellent First Impression Senior Dating Tips: The 4 Steps To Detoxify Your Dating Life Web Dating For Men: Ways To Improve Your Chances Of Success Single Parent Dating: Are You Uncertain About Your Relationship? Hints To Make Dating A Good Time
