Chapter 25. Security
Complexity kills. It sucks the life out of developers, it makes products difficult to plan, build and test, it introduces security challenges, and it causes end-user and administrator frustration.
Ray Ozzie
25.0 Introduction
Senior developers must possess the ability to not just create clean and maintainable code, but also construct robust solutions that take into account various software quality attributes, such as performance, resource usage, and security. It is imperative for you to adopt a security-oriented approach while writing code, as you serve as the initial line of defense against potential security vulnerabilities.
25.1 Sanitizing Inputs
Problem
You have code that doesn’t sanitize user inputs.
Solution
Sanitize everything that comes from outside your control.
Discussion
Input Sanitization
Input sanitization involves validating and cleaning user input to ensure that it is safe and conforms to expected formats before you process it. This is important to prevent various security vulnerabilities such as SQL injection, cross-site scripting (XSS), and other attacks that can be executed by malicious users.
Bad actors are always present. You need to be very careful with their input, and you should use sanitization and input filtering techniques. Whenever you get an input from an external resource, you should validate it and check for potentially harmful inputs. SQL injection is a notable example of a threat. You can also add assertions and invariants ...
Get Clean Code Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
