Monday, June 16, 2008

NO! BAD! STOP!


NO, performance systems international; we do NOT sanitize our input in client-side JavaScript!
That is how we get our boxes hacked!

JavaScript runs on a different layer than the traffic transmission. A JavaScript check that limits a record-search number to 1-100 does nothing when someone modifies the HTML POST on its way out and changes 50 to 1000000, instantly tying up your database with a single request. Or perhaps you are trying to strip out special characters? Can you say SQL INJECTION?

We sanitize our input on the BACK END...
Say it with me: BAAAAACCCKKKK EEEENNNNDDD

You know how you defeat back end limits?
If you code it right, you can't.
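As an added illustration (not code from the original post): a minimal back-end handler that enforces the 1-100 bound and passes the search term as a bound parameter, regardless of what the browser-side check did. The in-memory table, the field names `limit` and `name`, and the three sample requests are constructed for this example.

```python
import sqlite3

MAX_RECORDS_PER_REQUEST = 100  # the limit the JavaScript also shows, enforced here


def build_db():
    """Constructed in-memory stand-in for the real records database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO records (name) VALUES (?)",
                     [(f"record-{i}",) for i in range(1, 501)])
    return conn


def parse_limit(raw):
    """Server-side bound on the 'how many records' field.
    The browser-side check is irrelevant: the POST body can say anything."""
    try:
        n = int(raw)
    except (TypeError, ValueError):
        raise ValueError("limit must be an integer")
    if not 1 <= n <= MAX_RECORDS_PER_REQUEST:
        raise ValueError(f"limit must be between 1 and {MAX_RECORDS_PER_REQUEST}")
    return n


def search_records(conn, form):
    """Run the search for a POST form dict. Special characters in 'name' are
    not 'removed'; the value is a bound parameter, so it can never become SQL.
    (% and _ are still LIKE wildcards here, which is a separate concern.)"""
    limit = parse_limit(form.get("limit"))
    name = form.get("name", "")
    return conn.execute(
        "SELECT id, name FROM records WHERE name LIKE ? ORDER BY id LIMIT ?",
        (f"%{name}%", limit),
    ).fetchall()


def handle_post(conn, form):
    """What the endpoint returns: (status, body). Rejections are a 400
    and never reach the database."""
    try:
        return 200, search_records(conn, form)
    except ValueError as e:
        return 400, str(e)


# Constructed requests: honest, POST body edited in transit, and an injection attempt.
HONEST = {"limit": "50", "name": "record-1"}
TAMPERED = {"limit": "1000000", "name": "record-1"}
INJECTION = {"limit": "10", "name": "x' OR '1'='1"}
```

`handle_post(build_db(), TAMPERED)` returns a 400 with the bound error, while the injection attempt returns an empty result rather than every row.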

NETWORK SECURITY IS EVERYONE'S RESPONSIBILITY.

YES, EVEN LAZY CODERS.
