DEV Community 👩‍💻👨‍💻

Cover image for Trust No One - Be Warned!
Volker Schukai
Volker Schukai

Posted on • Updated on

Trust No One - Be Warned!

The Log4j debacle has once again brought into focus an old mantra of web development:

Trust no one!

As a developer, you are responsible for the data you retrieve from various sources. Especially for data that comes from a context you can't control.

Then, first of all, for data coming through the Web API, but also for data coming from a database or data coming from the file system.

But if the data .... NO!
But the operating system has validated the data ... NO!
But my users are sweet ... NO!

All data must be validated and it must be ensured that these inputs are not malicious.

And when we talk about data, we mean all kinds of data. That includes metadata like the headers as well as environment variables of the operating system.

You also never know what will happen to the data later (see Log4j).

Anyone who continues to use unverified data is on a path to hell.

Therefore: Validate your data!

You can't trust anyone. You are the developer and you are responsible!

References

Top comments (0)

Here is a post you might want to check out:

Regex for lazy developers

regex for lazy devs

Sorry for the callout 😆