Tanya Janca


Pushing Left, Like a Boss — Part 5.10 — Untrusted Data

This series, and my blog, have moved! Check it out!


Trust data from... no one. Not the database, not APIs, not even your mom.

Me at #MicrosoftIgniteTheTour in Sydney, Australia. I'm the tiny dot.

Any data sent to your application needs to be treated as untrusted, and thus validated before it is used or saved. When I say this, I mean ALL DATA. Whoever saved the data to that database may have made an error while validating that input. The API you are calling may have been compromised. Even a highly intelligent user, such as my mother (she's very bright: degrees in both chemistry and mathematics, an accounting designation, and several certifications, including adult education), could make a simple error when using an application, such as entering a single quote instead of a double quote, which could send your application into an error state, causing a crash or worse.
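As an added illustration (not code from the original post), the sketch below runs one allow-list check over records from all three sources the paragraph names and turns a failure into a controlled rejection instead of a crash. The field names, patterns and sample records are assumptions constructed for this example.

```python
import re

# Allow-list rules per field (hypothetical schema, assumed for this example).
RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "postal_code": re.compile(r"[A-Za-z]\d[A-Za-z] ?\d[A-Za-z]\d"),
    "quantity": re.compile(r"[1-9]\d{0,2}"),
}


class ValidationError(ValueError):
    """Raised when a field is missing, the wrong type, or off the allow-list."""


def validate_record(record, source):
    """Return a cleaned copy of record or raise; every source gets the same check."""
    if not isinstance(record, dict):
        raise ValidationError(f"{source}: expected an object")
    unexpected = set(record) - set(RULES)
    if unexpected:
        raise ValidationError(f"{source}: unexpected fields {sorted(unexpected)}")
    clean = {}
    for field, pattern in RULES.items():
        value = record.get(field)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            # Name the field, but never echo the rejected value back.
            raise ValidationError(f"{source}: invalid {field}")
        clean[field] = value
    return clean


def accept(record, source):
    """Return (clean_record, None) or (None, reason): a rejection, not a crash."""
    try:
        return validate_record(record, source), None
    except ValidationError as exc:
        return None, str(exc)


# Constructed sample inputs, one per source named in the post.
FROM_USER = {"username": "mom'", "postal_code": "K1A 0B1", "quantity": "2"}
FROM_DATABASE = {"username": "alice", "postal_code": "K1A 0B1", "quantity": "0"}
FROM_API = {"username": "alice", "postal_code": "K1A 0B1", "quantity": "2"}

if __name__ == "__main__":
    for src, rec in (("user", FROM_USER), ("database", FROM_DATABASE), ("api", FROM_API)):
        print(src, accept(rec, src))
```

The stray single quote from the user and the out-of-range quantity stored in the database are both rejected by the same function; only the API record passes.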


Read the rest on my NEW blog!!

