Need information on the flaws of web programming.

[Umberto-Micro]

Sponsored Links

Web site programming, there is a rule may be we need to keep in mind, it is for the user and the user's input, have to be skeptical, cannot be completely trusted. Therefore, the user's input, not simply the direct use, but must undergo a rigorous verification to determine whether the user's input before they can enter the rules of reality, the database entry. So I need to know the flaws or in other words what are the things should be taken care of while doing the input validation.

[Techguru01]

This point we might have less attention, because we tend to believe that ordinary users will not knowingly enter the over-stretched a little trouble, some users may, however, at this point may not be harmful. In fact, as long as we carefully consider, if not for input validation and may harm will be enormous, and why? If the user enters the information to a few megabytes, and we verify that the length of the procedure there is no, then think about the harm there: a, program verification errors; b, variable up large amounts of memory, the memory overflow occurs, to enable the server service stops and even shutdown.

[johnson22]

Check for the case sensitive information.
This is usually in the design process when we are likely to have attention, the main concern is the sensitivity of some javascript characters, such as message boards in the design of the time, we will, "" "and other symbols of the information removed, to prevent users from leaving pages bomb. However, whether these would have been enough? Still far from enough. We still have a lot of did not notice, the following aspects need special attention.

[Jackson2]

Email the information we tend to only verify whether it contains "@" symbol, others with no restrictions, easy to form two flaws: First, input is too long of memory overflow; two characters such as those containing JavaScrript information, resulting in the formation of display when the user Email Page bombs.

[Techno01]

Search for information have to do validation? Of course, to verify! While searching for information will not be directly saved to the Web server, but the search information database or the server does all the documents closely related to the search for information if there is a problem could easily have been exposed to some of the database should not be exposed to information or file information.

[Trio]

In many cases, we may not realize that a number of loopholes, and this time, is not that we do not pay attention to safety issues, but our lack of experience. Such a situation, we need to learn more about some of the network the attacker's offense as a way to modify the program, strengthening the network, the program security. We already know some of the loopholes in this situation is generated. In some account password verification, there is the existence of universal password is thus created.