Safest way to sanitize input

By Chad Perrin, Special to ZDNet Asia
Tuesday, December 16, 2008 12:43 PM


Sanitizing user input is a critical part of software development, but code can be made more secure by designing it so that input never needs to be sanitized at all.

Recently, I finished some work on a small development project for a new client. That left me in a frame of mind that gave me the urge to write more code, and I turned it to good use by finally getting to work on the long-neglected task of writing a new contact page back end for my professional Web site.

I had a contact page there, of course, but it was essentially an ugly hack of a contact page back end I had written in PHP for a completely different Web site a few years ago. Worse, it bore no resemblance to the rest of the site, and I had not bothered to give it a navigation element (i.e., what users tend to call a "menu").

The back end for this contact page would be written in Ruby, of course. I wrote out a rather pretty script, if I do say so myself, that made use of the TMail library, a tool that abstracts away a lot of the behind-the-scenes drudgery of specifying e-mail headers and content and preparing it for transmission using SMTP (Simple Mail Transfer Protocol).

I wrote it such that it would work equally well from the browser and the command line. Then, I tested it.
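The principle stated in the deck, applied to the contact-form case the article describes, as an added example. This is not the article's code and does not use TMail; the mailbox addresses, header values, and the hostile input are constructed for illustration. A contact form that copies visitor-supplied fields (name, address, subject) into e-mail headers lets a CR/LF in any of them terminate the header and append new ones (the classic e-mail header injection, used to turn a contact form into a spam relay). The "fixed" builder below needs no sanitizing because every header is a site-chosen constant and the visitor's text only ever lands in the message body, where a line break is just text.

```ruby
# Added example (not from the article): e-mail header injection in a
# contact-form back end, and a design that avoids the need to sanitize
# by keeping user input out of the header context entirely.
# Addresses and header values below are assumptions for illustration.

CRLF = "\r\n"
SITE_MAILBOX = "contact@example.com"   # assumed destination mailbox

# Naive design: user-controlled fields are interpolated into header lines.
# A CR/LF in any of them ends the current header and starts a new one.
def build_message_naive(from:, subject:, body:)
  headers = [
    "From: #{from}",
    "To: #{SITE_MAILBOX}",
    "Subject: #{subject}",
  ]
  headers.join(CRLF) + CRLF + CRLF + body
end

# Safe-by-construction design: every header is a constant chosen by the
# site; everything the visitor typed goes only into the body, where CR/LF
# is just text.  There is no header context for input to escape into, so
# nothing has to be filtered or escaped.
def build_message_fixed(name:, reply_address:, body:)
  headers = [
    "From: webform@example.com",     # assumed fixed sender identity
    "To: #{SITE_MAILBOX}",
    "Subject: Website contact form",
    "Content-Type: text/plain; charset=UTF-8",
  ]
  user_block = [
    "Name: #{name}",
    "Reply address (as typed, not used as a header): #{reply_address}",
    "",
    body,
  ].join("\n")
  headers.join(CRLF) + CRLF + CRLF + user_block
end

# Parse the header block back out the way a receiving mail agent would:
# everything before the first blank line, one header name per line.
def header_names(message)
  head, _sep, _body = message.partition(CRLF + CRLF)
  head.split(CRLF).map { |line| line[/\A[^:]+/] }
end

# Constructed hostile input: a CR/LF followed by a Bcc header.
INJECTED_SUBJECT = "Hello#{CRLF}Bcc: victim@example.net"

def demo
  naive = build_message_naive(from: "visitor@example.org",
                              subject: INJECTED_SUBJECT, body: "hi")
  fixed = build_message_fixed(name: INJECTED_SUBJECT,
                              reply_address: INJECTED_SUBJECT, body: "hi")
  {
    naive_headers: header_names(naive),   # includes "Bcc": injection worked
    fixed_headers: header_names(fixed),   # exactly the four fixed headers
  }
end

puts demo.inspect if __FILE__ == $0
```

The property worth noticing is structural rather than a filter: the fixed builder is correct for any input because there is no code path from the form to a header line, so there is no CR/LF blacklist to get wrong. The visitor's address is recorded in the body for the site owner to copy by hand instead of being set as Reply-To, which is the price of that design. Delivery concerns that remain, such as dot-stuffing of body lines, belong to the transport library (Ruby's Net::SMTP handles that), not to the form handler.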

Read more »

