[H-GEN] Server-side Aggregator
Greg Black
gjb at gbch.net
Thu Feb 23 22:12:26 EST 2006
On 2006-02-24, Michael Anthon wrote:
> Any programmer that uses data supplied from untrusted sources without
> performing some sort of validation/cleansing/escaping IN ANY LANGUAGE should
> be taken out the back and shown the error of their ways.
This is true, but "untrusted sources" might need to be explained
for the benefit of the non-programmers in the audience.
In this context, an untrusted source is not just somebody who
might be malicious; it includes any human interacting with the
software -- real users make mistakes, either through typos or
through failure to understand what we expect of them and those
mistakes can create real problems. It also includes any data
that was not generated inside our own code. Although there can
be circumstances where we might know enough about the incoming
data to be able to use it safely, we still need to verify its
integrity and to show why it can be used safely.
Getting things right in software is a difficult problem and
failure to take the time to perform all the laborious checks
that really are needed is one of the basic sources of many of
the serious bugs in so much current software. By the time the
programmers have finally managed to develop some of the required
functionality, issues like data validation in all the places
it might be needed just seem like they're too hard.
Good programmers ignore the demands of their managers to just
get it finished today and do their design and implementation
with care, incorporating the checks at the outset. (They also
sometimes find themselves looking for another job.)
Cheers, Greg
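The point made above, that anything not generated inside our own code (feed entries, uploaded files, form fields, typos included) must be validated on the way in and escaped on the way out, as an added example that is not part of the thread. The sample items and every function name here are constructed for illustration; nothing in it is code from the aggregator the thread discusses.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample records, shaped like items a server-side aggregator
# might pull from someone else's feed. None of this was generated by our
# own code, so all of it is untrusted, whether or not the author meant harm.
SAMPLE_ITEMS = [
    {"title": "Release notes", "link": "https://example.com/notes"},
    {"title": "Tips & tricks <beta>", "link": "http://example.org/tips?a=1&b=2"},
    {"title": "Mirror", "link": "ftp://example.com/pub"},          # scheme not allowed
    {"title": "   ", "link": "https://example.com/blank"},          # honest mistake: empty title
    {"title": "A" * 500, "link": "https://example.com/long"},       # over the length limit
    {"title": "No link"},                                            # required field missing
]

MAX_TITLE = 200                     # hypothetical policy limit
ALLOWED_SCHEMES = {"http", "https"}  # explicit allowlist, not a denylist


class ValidationError(ValueError):
    """Raised when an incoming field fails a check; the item is dropped, not patched up."""


def validate_link(link):
    """Accept only absolute http(s) URLs with a host; reject everything else."""
    if not isinstance(link, str):
        raise ValidationError("link must be a string")
    parts = urlsplit(link)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValidationError("link must be an absolute http or https URL")
    return link


def validate_title(title):
    """Require a non-empty, printable title within the length limit."""
    if not isinstance(title, str):
        raise ValidationError("title must be a string")
    title = title.strip()
    if not title:
        raise ValidationError("title must not be empty")
    if len(title) > MAX_TITLE:
        raise ValidationError("title too long")
    # Control characters (other than tab/newline/CR) have no place in a title.
    if re.search(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]", title):
        raise ValidationError("title contains control characters")
    return title


def clean_item(item):
    """Validate every field we intend to use; unknown fields are simply not copied."""
    return {
        "title": validate_title(item.get("title")),
        "link": validate_link(item.get("link")),
    }


def render_item(item):
    """Escape at the output boundary: validation proves the data is well-formed,
    it does not make the text safe to splice into HTML."""
    return '<li><a href="{}">{}</a></li>'.format(
        html.escape(item["link"], quote=True),
        html.escape(item["title"]),
    )


def process(items):
    """Return (rendered HTML fragments, rejected (title, reason) pairs)."""
    accepted, rejected = [], []
    for item in items:
        try:
            accepted.append(render_item(clean_item(item)))
        except ValidationError as exc:
            # Log-and-drop: a bad item must not take the whole page down,
            # and must not be silently "fixed" into something we never checked.
            rejected.append((item.get("title"), str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = process(SAMPLE_ITEMS)
    print("\n".join(ok))
    for title, reason in bad:
        print("rejected %r: %s" % (title, reason))
```

Two of the four rejections here come from plain mistakes (a blank title, a missing field) rather than anything malicious, which is the distinction the post draws: the same checks catch both. Validation and escaping are kept as separate steps because they answer different questions, "is this the kind of value we expect?" versus "how must it be written into this particular output?".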