Difference between revisions of "Don't trust user input"
(→Description) |
|||
| Line 9: | Line 9: | ||
==Description== | ==Description== | ||
| − | |||
| − | |||
| − | |||
| − | |||
A user or client will not always submit data your application will expect. By building robust applications that do not trust user input by default, you ensure the application will be able to handle unexpected data gracefully. Examples of user input include: form data, client information such as user-agent strings, cookies, referer, etc. Anything that is submitted in an HTTP request should be considered user input. | A user or client will not always submit data your application will expect. By building robust applications that do not trust user input by default, you ensure the application will be able to handle unexpected data gracefully. Examples of user input include: form data, client information such as user-agent strings, cookies, referer, etc. Anything that is submitted in an HTTP request should be considered user input. | ||
Revision as of 19:14, 5 September 2008
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Last revision (mm/dd/yy): 09/5/2008
Description
A user or client will not always submit the data your application expects. By building robust applications that do not trust user input by default, you ensure the application can handle unexpected data gracefully. Examples of user input include form data and client information such as user-agent strings, cookies, and the referer. Anything that is submitted in an HTTP request should be considered user input.
Examples
Phone number
- A short example description, small picture, or sample code with links
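
The phone number case as an added example (not code from the original OWASP page): a form field is checked against an allowlist and reduced to a canonical form before the application uses it. The policy (optional leading "+", 7 to 15 digits, 32-character cap) and all names are assumptions made for this illustration.

```python
import re

# Assumed policy (not from the original page): optional leading "+", then
# 7 to 15 digits once separators are stripped (15 is the E.164 maximum).
MAX_RAW_LEN = 32
# ASCII-only allowlist: [0-9] rather than \d, which also matches non-ASCII digits.
ALLOWED = re.compile(r"\+?[0-9][0-9 ().-]*")
SEPARATORS = re.compile(r"[ ().-]")


class InvalidInput(ValueError):
    """Raised when a request field fails validation."""


def parse_phone(raw):
    """Return the number in canonical form ("+" and digits) or raise InvalidInput."""
    if not isinstance(raw, str):
        raise InvalidInput("phone: missing or not a string")
    if not raw or len(raw) > MAX_RAW_LEN:  # bound the size before any regex work
        raise InvalidInput("phone: empty or too long")
    if not ALLOWED.fullmatch(raw):  # fullmatch: match() with "$" would accept a trailing newline
        raise InvalidInput("phone: unexpected characters")
    digits = SEPARATORS.sub("", raw)
    sign, digits = ("+", digits[1:]) if digits.startswith("+") else ("", digits)
    if not 7 <= len(digits) <= 15:
        raise InvalidInput("phone: wrong number of digits")
    return sign + digits


def validate_all(samples):
    """Map each sample (by repr) to its canonical value, or None if rejected."""
    results = {}
    for raw in samples:
        try:
            results[repr(raw)] = parse_phone(raw)
        except InvalidInput:
            results[repr(raw)] = None
    return results


# Constructed sample inputs, as they might arrive in a form field.
SAMPLES = ["+1 (555) 010-9999", "555.010.9999", "5550109999'; DROP TABLE users;--",
           "<script>alert(1)</script>", "", None, "1" * 500, "٥٥٥٠١٠٩٩٩٩", "555-0109\n"]

if __name__ == "__main__":
    for raw, result in validate_all(SAMPLES).items():
        print(f"{raw[:40]:<42} -> {result}")
```

Only the first two samples are accepted; everything else is rejected rather than repaired, and downstream code sees only the canonical value.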
Related Vulnerabilities
Related Controls