Computers| Computers |
|
04-17-2006, 03:54 PM
| #1 (permalink) |
| Dope Tech Join Date: Jan 2004
Posts: 3,589
   |  A Modular Approach to Data Validation in Web Applications A Modular Approach to Data Validation in Web Applications by Stephen de Vries on 07/04/06 Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application. This follows two main principles: Data should be validated in the data model, where the validation rules have maximum scope for interpreting the context; and Escaping of harmful meta-characters should be performed just before the data is processed, typically in the data access components. Implementing such a modular approach contributes to the application being loosely coupled and ensures that it can safely be extended and components reused, without incurring unnecessary development time to re-implement validation routines.
__________________ Tech IMO.com | ExtremeTech.com | ASP Free.com | SysOpt.com | Tech Support Guy.org DB Forums.com | Cyber Tech Help.com | Lazy Forums.com | Warrior Nation.net 'If you don't stand for somethin you'll fall for anything' - Dr. Dre Been there, done that |
|  |
Linear Mode
