The Issue

The real issue with trusting input is this: many applications today distribute functionality between client and server machines or between peers, and many developers rely on the client portion of the application to provide specific behavior. However, once deployed, the client software is no longer under the control of the developer or of the server administrators, so there is no guarantee that requests arriving at the server came from a valid client. Those requests may have been forged. Hence, the server can never trust the client request. The critical issue is trust and, more accurately, attributing too much trust to data provided by an untrusted entity. The same concept applies in the other direction: should the client code trust data from the server, when the server might be a rogue server? A good example of client-side attacks is cross-site scripting, discussed in detail in Chapter 13, Web-Specific Input Issues.
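The server-side consequence of this argument, as an added example that is not from the book: an order handler that trusts a client-computed total beside one that ignores client-supplied prices and totals and rebuilds the order from server-owned data. The catalog, the quantity limit and the sample requests are constructed for illustration.

```python
# Server-owned data: the only source of truth for prices and limits.
CATALOG = {"widget": 2500, "gadget": 9900}  # prices in cents (constructed)
MAX_QTY = 10  # the client UI enforces this as well, but the UI can be bypassed


class InvalidRequest(ValueError):
    """Raised when a request fails server-side validation."""


def naive_total(request):
    """Vulnerable pattern: trusts whatever total the client computed."""
    return request["total"]


def validated_total(request):
    """Hardened pattern: ignores client-supplied prices and totals and
    rebuilds the order from server-owned data, rejecting anything odd."""
    items = request.get("items")
    if not isinstance(items, list) or not items:
        raise InvalidRequest("order must contain at least one item")
    total = 0
    for item in items:
        sku = item.get("sku")
        qty = item.get("qty")
        if sku not in CATALOG:
            raise InvalidRequest(f"unknown sku {sku!r}")
        # bool is a subclass of int, so exclude it explicitly
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= MAX_QTY:
            raise InvalidRequest(f"bad quantity for {sku}: {qty!r}")
        total += CATALOG[sku] * qty
    return total


def handle_order(request):
    """Returns (accepted, server-computed total or rejection reason)."""
    try:
        return True, validated_total(request)
    except InvalidRequest as exc:
        return False, str(exc)


# Constructed sample requests: one honest, two forged by a tampered client.
LEGIT = {"items": [{"sku": "widget", "qty": 2}], "total": 5000}
FORGED_PRICE = {"items": [{"sku": "widget", "qty": 2, "price": 1}], "total": 2}
FORGED_QTY = {"items": [{"sku": "gadget", "qty": 500}], "total": 4950000}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("forged price", FORGED_PRICE), ("forged qty", FORGED_QTY)]:
        print(name, "naive:", naive_total(req), "validated:", handle_order(req))
```

The naive handler charges 2 cents for the forged order; the validated handler charges the catalog price regardless of what the client sent, and rejects the oversized quantity outright.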



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286
