
Re: Input validation

From: Jeremiah Grossman <jeremiah(at)whitehatsec.com>
Date: Thu Jun 19 2003 - 22:37:48 EDT

On Thu, 2003-06-19 at 10:38, Kooper, Larry wrote:
> I am a newbie to this list - apologies if this question is often asked. (I

I personally like #3. Sometimes proper sanity checking can be difficult to implement in some cases... but maybe less difficult as an alternative to massaging data back into conformity as suggested by #1. I personally find the hardest part not the code itself, but remembering to do the sanity checking on all input and not becoming lazy in the process.

The 3 main things I do when sanity checking input that keep things safe are...

Character-Set Check, Length Check, and Escape all input. Making sure I only get the characters I expect, in the max/min length I expect it, and always escape all data. Anything else, I kick an error, and never echo user supplied input.

About the # and - characters, escaping should solve the problem or simply just allowing a few more characters in your set. Just watch those meta characters.

For your apt. question, my regex skills on display: /^([\d#\-]{1,5})$/

regards,


Jer-

Received on Thu Jun 19 22:45:39 2003
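The three steps from the post (character-set check, length check, escape everything, reject and never echo the rest) applied to the apartment-number field with the post's own regex, as an added example that is not from the original message; the surname field and its allowed character set are an assumption added to show why the escape step still matters after an allow-list check.

```python
import html
import re

# Apartment-number pattern quoted in the post: digits, '#' and '-', 1 to 5 characters.
APT_RE = re.compile(r"^([\d#\-]{1,5})$")


class InputRejected(ValueError):
    """Raised when a check fails. The message never echoes the raw input."""


def sanitize_field(raw, allowed, min_len, max_len, pattern=None):
    """Character-set check, length check, then escape (the three steps from the post).

    `allowed` is the set of permitted characters; `pattern` is an optional
    compiled regex applied with fullmatch, because a bare `$` in Python
    also matches just before a trailing newline.
    """
    if not isinstance(raw, str):
        raise InputRejected("field is not a string")
    if not min_len <= len(raw) <= max_len:
        raise InputRejected("field length out of range")
    if any(ch not in allowed for ch in raw):
        raise InputRejected("field contains characters outside the allowed set")
    if pattern is not None and pattern.fullmatch(raw) is None:
        raise InputRejected("field does not match the expected pattern")
    # Escape step: even allow-listed characters (an apostrophe in a name, say)
    # are meta characters in HTML, so always escape before output.
    return html.escape(raw, quote=True)


def sanitize_apartment(raw):
    """Apartment number field: the post's regex, 1-5 chars from [0-9#-]."""
    return sanitize_field(raw, set("0123456789#-"), 1, 5, APT_RE)


def sanitize_surname(raw):
    """Hypothetical surname field (assumption): letters, hyphen, apostrophe, 1-40 chars."""
    allowed = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'-")
    return sanitize_field(raw, allowed, 1, 40)


def accepts(check, raw):
    """True if `check` accepts `raw`; lets callers report a rejection without echoing it."""
    try:
        check(raw)
        return True
    except InputRejected:
        return False
```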

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:52 EDT

