When do you trust the data / variables

Posted by Wizzard on Stack Overflow See other posts from Stack Overflow or by Wizzard
Published on 2010-05-22T01:27:08Z Indexed on 2010/05/22 1:30 UTC
Read the original article Hit count: 287

Filed under:

validation

|

security

|

design

We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security.

But when do you stop, once it's converted into a local variable?

eg

if (isValidxxx($_GET['foo']) == false) {
  throw InvalidArgumentException('Please enter a valid foo!');
}

$foo = $_GET['foo'];
fooProcessor($foo);

function fooProcessor($foo) {
  if (isValidxxx($foo) == false) {
    throw Invalid......
  }
//other stuff
}

To me thats over the top. But what if you load the value from the database...

I hope I make sense :)

© Stack Overflow or respective owner

Related posts about validation

How can I use Windows Workflow for validation of a Silverlight application?

as seen on Programmers - Search for 'Programmers'
I want to use Windows Workflow to provide a validation service. The validation that will be provided may have multiple tiers with chaining and redirecting to other stages of validation. The application that will generate the data for validation is a Silverlight app. I imagine the validation will… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
Introducing Data Annotations Extensions

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Validation of user input is integral to building a modern web application, and ASP.NET MVC offers us a way to enforce business rules on both the client and server using Model Validation. The recent release of ASP.NET MVC 3 has improved these offerings on the client side by introducing an unobtrusive… >>> More
jQuery validation per multiple fieldsets, how to use different event to trigger validation per secti

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All! I have a really, really long form (about 300 fields) that I broke down into different sections using this slick jQuery plugin Form Wizard. If you group your form into different fieldsets, the FormWizard will automagically display one section at a time, with a Next hyperlink to take you to… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More