Secure Coding Technigues - Validating User Input

David Wheeler (from Unix Secure programming HOWTO fame) published a secure programming article this week on validating input.

My presentation I give to the local universities on secure coding techniques is pretty much what David is talking about here. You can not trust data moving between untrusted boundaries such as the user input and trusted boundaries in your code. You must validate all user input.

More to the point, you should consider all input suspicious until proven otherwise. This means you don't validate and check for WRONG data, you only accept data that is formatted correctly. Everything else is denied!

Anyway you look at it, it is always good to remember this technique. David does that well in this article.

Happy reading.