This series, and my blog, have moved! Check it out!
Trust data from…. No one. Not the database, not APIs, not even your mom.
Me at #MicrosoftIgniteTheTour in Sydney, Australia. I'm the tiny dot.
Any data sent to your application needs to be treated as untrusted, and thus validated before it is used or saved. When I say this, I mean ALL DATA. Whoever saved the data to the database may have made an error while validating that input. The API you are calling may have been compromised. Even a highly intelligent user, such as my mother (degrees in both chemistry and mathematics, an accounting designation, and several certifications, including adult education; she's very bright), could make a simple error when using an application, such as entering a single quote instead of a double quote, which could potentially send your application into an error state, causing a crash or worse.
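Here is the idea in code, as an added example that is not part of the original post: the same allowlist check runs on an API response before it is saved and again on a database row before it is used, and a parameterized query keeps the single quote in a name as plain data. The field names, limits, table schema and sample records are assumptions made for illustration.

```python
import re
import sqlite3

# Allowlist patterns (assumed rules for this example).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' \-]{0,63}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}")
FIELDS = ("name", "email", "age")

class ValidationError(ValueError):
    pass

def validate_user(record, source):
    """Validate a user record the same way, whatever its source."""
    if not isinstance(record, dict):
        raise ValidationError(f"{source}: expected an object")
    name, email, age = (record.get(f) for f in FIELDS)
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValidationError(f"{source}: bad name")
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValidationError(f"{source}: bad email")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        raise ValidationError(f"{source}: bad age")
    return {"name": name, "email": email, "age": age}

def save_user(conn, user):
    # Parameterized query: the quote in O'Brien stays data, never SQL syntax.
    conn.execute("INSERT INTO users (name, email, age) VALUES (?, ?, ?)",
                 tuple(user[f] for f in FIELDS))

def load_user(conn, email):
    row = conn.execute("SELECT name, email, age FROM users WHERE email = ?",
                       (email,)).fetchone()
    # Re-validate on the way out: other code may have written this row.
    return None if row is None else validate_user(dict(zip(FIELDS, row)), "database")

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, age INTEGER)")
    # Constructed API response containing a single quote.
    api_response = {"name": "Mary O'Brien", "email": "mary@example.com", "age": 61}
    save_user(conn, validate_user(api_response, "api"))
    # Constructed row written by a job that skipped validation.
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("Legacy User", "legacy@example.com", -5))
    good = load_user(conn, "mary@example.com")
    try:
        load_user(conn, "legacy@example.com")
        rejected = None
    except ValidationError as exc:
        rejected = str(exc)
    return good, rejected

if __name__ == "__main__":
    print(demo())
```
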