Monday, June 16, 2008
NO! BAD! STOP!
NO, Performance Systems International; we do NOT sanitize our input in client-side JavaScript!
That is how we get our boxes hacked!
JavaScript runs in the browser, on a different layer from the traffic itself. A script that limits a record search number to 1-100 does nothing once someone edits the HTML POST on its way out and changes 50 to 1000000, instantly tying up your database with a single request. Or perhaps you are trying to strip special characters there? Can you say: SQL INJECTION?
We sanitize our input on the BACK END...
Say it with me: BAAAAACCCKKKK EEEENNNNDDD
You know how you defeat back end limits?
If you code it right, you can't.
NETWORK SECURITY IS EVERYONE'S RESPONSIBILITY.
YES, EVEN LAZY CODERS.
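As an added example (not from the original post), here is the difference in Python with sqlite3: the naive handler trusts whatever the browser sent, while the hardened one re-checks the 1-100 range on the back end and passes the value as a bound parameter so it can only ever be data. The table, sample rows and function names are constructed for the demo.

```python
import re
import sqlite3

MIN_RECORD, MAX_RECORD = 1, 100


def make_db() -> sqlite3.Connection:
    """Constructed sample table with 200 rows (ids 1..200), for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?)",
                     [(i, f"record-{i}") for i in range(1, 201)])
    return conn


def search_naive(conn: sqlite3.Connection, raw: str) -> list:
    """Relies on the browser-side 1-100 check and splices the value into SQL.
    Anything the client sends (tampered POST, 'OR 1=1', huge ids) reaches the DB."""
    return conn.execute(f"SELECT id, name FROM records WHERE id = {raw}").fetchall()


def validate_record_id(raw: str) -> int:
    """Back-end check: ASCII digits only, then the 1-100 range, regardless of
    what the browser did or did not enforce."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("record id must be a decimal integer")
    value = int(raw)
    if not MIN_RECORD <= value <= MAX_RECORD:
        raise ValueError(f"record id must be between {MIN_RECORD} and {MAX_RECORD}")
    return value


def search_hardened(conn: sqlite3.Connection, raw: str) -> list:
    """Validates on the server, then binds the value as a parameter (never string-built SQL)."""
    record_id = validate_record_id(raw)
    return conn.execute("SELECT id, name FROM records WHERE id = ?", (record_id,)).fetchall()


def is_rejected(conn: sqlite3.Connection, raw: str) -> bool:
    """True if the hardened handler refuses the input before it touches the database."""
    try:
        search_hardened(conn, raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for sent in ("50", "1000000", "1 OR 1=1"):  # a normal value and two tampered POST bodies
        print(f"{sent!r}: naive -> {len(search_naive(db, sent))} rows, "
              f"hardened rejects -> {is_rejected(db, sent)}")
```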