Chapter 7: Validating Input


Overview

Key concepts in this chapter are:

  • Identifying various forms of input

  • Using Windows Forms input-validation features

  • Using ASP.NET validation controls

  • Using regular expressions and Parse commands to validate data

As long as there have been computers, there has been computer input in one form or another. A bank of switches, for example, was used to provide input into the MITS Altair 8800 (the first personal computer) to perform simple computer tasks; the output displayed as a series of blinking lights.

Input has evolved along with the methods of providing input. Today you can use a variety of means to enter data into your computer, including keyboard, mouse, pen, voice, bar-code scanner, or brake-pedal pressure (as input to your car’s ABS braking system)—not to mention nonhuman sources of input such as GPS data input received from a satellite or weather data received from a weather station.

There has always been a need for validating input. As learned with early punch-card input systems, if the programmer made a single mispunch in a punch card, the program would crash or behave erratically. “Garbage in, garbage out,” as the old saying goes. To fix the problem, the programmer would need to meticulously analyze every punch in every punch card to ensure that all the cards were punched correctly.

These days, you can use a sophisticated debugger provided with Microsoft Visual Basic .NET to help track down garbage input and prevent your application from crashing or behaving erratically. Although there has been rapid advancement in debugging tools used to track down code that doesn’t properly deal with bad input, the need for validating input—writing code that checks input from all sources and prevents the input from doing damage—has grown exponentially. In early personal computers that were confined to a single operator who was the sole recipient of the output, the primary concern was to ensure that the input was correct. In today’s interconnected computing environment, you not only need to verify the input is correct, but also verify the input (received from all sources) is not harmful. In particular, you need to protect your application from all input-related attacks, such as the following:

  • Denial of Service (DoS), SQL-injection, and cross-site scripting attacks, as presented in Chapter 6.

  • Information discovery attacks that involve uncovering sensitive information either about the system itself or the data it’s meant to protect. For example, the user might be able to pass in input that leads to an error message that gives away details of the system, such as file names, the directory structure, or the database layout. See Chapter 8 for more information on creating error messages that don’t reveal sensitive information.
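The two validation techniques named among the key concepts (regular expressions and Parse commands), shown together in an added example that is not the book's own code; the field names, the five-digit ZIP format and the 1–100 quantity range are assumptions chosen for illustration. Note how Parse failures are turned into a plain False instead of letting the exception text reach the user.

```vb
' Added example (not from the book): allow-list validation of two form fields
' using Regex and Integer.Parse. Field names and limits are assumptions.
Imports System
Imports System.Text.RegularExpressions

Public Class InputValidator

    ' Anchored pattern: exactly five digits and nothing else. Without ^ and $
    ' the match would also succeed on any string that merely contains five
    ' digits somewhere, such as "<script>12345".
    Private Shared ReadOnly ZipPattern As New Regex("^\d{5}$")

    ' Returns True only when the value matches the allow-list pattern.
    Public Shared Function IsValidZipCode(ByVal value As String) As Boolean
        If value Is Nothing Then Return False
        Return ZipPattern.IsMatch(value)
    End Function

    ' Converts text to a quantity, rejecting non-numeric text, values that
    ' overflow an Integer, and values outside the assumed range 1-100.
    ' The caller gets a Boolean, never the exception message, so nothing
    ' about the runtime or the field's internal handling is revealed.
    Public Shared Function TryGetQuantity(ByVal value As String, _
                                          ByRef quantity As Integer) As Boolean
        quantity = 0
        If value Is Nothing Then Return False
        Try
            quantity = Integer.Parse(value.Trim())
        Catch ex As FormatException
            Return False          ' e.g. "12abc" or "1e3"
        Catch ex As OverflowException
            Return False          ' e.g. "99999999999"
        End Try
        If quantity < 1 OrElse quantity > 100 Then
            quantity = 0
            Return False
        End If
        Return True
    End Function

End Class
```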


Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168