Note: We cannot trust any input that we cannot control, as its contents are unknown and might exploit a vulnerability in our software. Usually, at schools and universities, when someone starts to write programs, they learn how to receive input while teachers tell them to “assume that the data you receive is valid”. When developing a program, it is likely that it will interact with the user in some way, even if that means only reading files in the system and presenting the data. You may also be interested in The Power of 10 for concise advice.

Please remember that this document is about educating for better coding, not a guide for hacking and cracking programs. In fact, it's only a brief overview of how we need to see our code and program, and how to avoid many common problems out there. Please note that the document is only a start to teach how to write better and somewhat more secure code, but it does not attempt to be a complete guide on how to do so.

The page uses very simple examples to show that many problems can be taken advantage of in order to create a security attack on a computer, a program or on an entire system. This wiki page is an attempt to teach a different approach in how to create software.

6.3.2 Restricting input by SQL query parameters.