Tagged Questions
3 votes, 4 answers, 92 views
Can I save & store a user's submission in a way that proves that the data has not been altered, and that the timestamp is accurate?
There are many situations where the validity of the timestamp attached to a certain post (submission of information) might be invaluable for the post owner's legal usage. I'm not looking for a service ...
4 votes, 3 answers, 189 views
Name for sanitizing at the right time?
Recently we had an issue on our site where someone attempted SQL injection via a cookie (we'll call it lastID). NOC was in a frenzy and angry about how the cookie as an attack vector could be ...
0 votes, 2 answers, 199 views
What is the logic behind filtering/sanitizing input?
I have always found it more logical to validate input instead of filtering it. How to appropriately filter data depends on the situation, so IMO it should be done on output or when saving to a database. ...
2 votes, 3 answers, 412 views
Validating allowed characters or validating disallowed characters
I've always validated my user input based on a list of valid/allowed characters, rather than a list of invalid/disallowed characters (or simply no validation). It's just a habit I picked up, probably ...
4 votes, 2 answers, 107 views
Would it be hard to screen form submissions (e.g., comments) for non-words/non-sentences?
I've been thinking a lot lately about the need for better form security, and good ways to accomplish that.
We currently use captcha codes to screen for bots, but that's annoying to users and may not ...
18 votes, 5 answers, 3k views
Data input validation - Where? How much? [closed]
Data input validation always was quite an internal struggle to me.
On the verge of adding a real security framework and code to our legacy application rewrite project (which so far pretty much keeps ...
19 votes, 9 answers, 2k views
Is an 'if password == XXXXXXX' enough for minimum security?
If I create a login for an app that has middle to low security risk (in other words, it's not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying ...