Differences
This shows you the differences between two versions of the page.
dev_standards:security [2010/01/02 17:32] Linegod created |
dev_standards:security [2019/10/29 15:16] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Security ===== | + | ====== Security ====== |
- | ==== General Validation ==== | + | ===== General Validation ===== |
Never trust input regardless of where it is coming from! The responsibility falls on the library functions to ensure that potentially dangerous input does not introduce a security hole. Some sort of sanitation, validation, or quoting must be provided for **all** arguments in a function. This ensures that bad data does not make its way into an SQL string, a filename, an executable, or even another function. | Never trust input regardless of where it is coming from! The responsibility falls on the library functions to ensure that potentially dangerous input does not introduce a security hole. Some sort of sanitation, validation, or quoting must be provided for **all** arguments in a function. This ensures that bad data does not make its way into an SQL string, a filename, an executable, or even another function. |
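Review bot: In the unchanged paragraph under the "General Validation" heading, "sanitation" should read "sanitization", and "Some sort of sanitation, validation, or quoting" leaves open which defence applies to which of the sinks it lists (an SQL string, a filename, an executable, another function). Since this revision already touches the section, consider fixing the word and stating the expected handling per sink, for example bound parameters for SQL rather than quoting. The heading promotion (`=====` to `======`, `====` to `=====`) is only consistent if the later headings on the page were raised by one level too, which this hunk does not show.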