Skip to content

Commit

Permalink
Fix typo s/untrustable/untrusted/
Browse files Browse the repository at this point in the history
Signed-off-by: David A. Wheeler <[email protected]>
  • Loading branch information
david-a-wheeler committed Apr 10, 2024
1 parent 97fa90a commit d2b78a3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion secure_software_development_fundamentals.md
Original file line number Diff line number Diff line change
Expand Up @@ -1379,7 +1379,7 @@ Learning objectives:

### Input Validation Basics Introduction

Some inputs are from untrustable users, and those inputs (at least) must be validated before being used. If you prevent invalid data from getting into your program, it will be much harder for attackers to exploit your software. Input validation can also prevent many bugs and make your program simpler. After all, if your program can immediately reject some malformed data, you don’t have to write the code to deal with those special cases later. That saves time, and such special-case code is more likely to have subtle errors.
Some inputs are from untrusted users, and those inputs (at least) must be validated before being used. If you prevent invalid data from getting into your program, it will be much harder for attackers to exploit your software. Input validation can also prevent many bugs and make your program simpler. After all, if your program can immediately reject some malformed data, you don’t have to write the code to deal with those special cases later. That saves time, and such special-case code is more likely to have subtle errors.

It can also be a good idea to check inputs from trusted users. Even trusted users make mistakes, and immediately catching those mistakes can make the system more reliable. There is debate on how much validation should be done on the inputs from trusted users. On one hand, trusted users can clearly make mistakes, and validation can prevent costly mistakes. On the other hand, if too much time is spent on validating inputs from trusted users, perhaps other more-important tasks will be skipped, and sometimes trusted users need to be able to do unusual things to respond to unexpected events. Where it is not too time-consuming, it is probably best to do at least some input validation on inputs from trusted users too. For the purpose of this course, we will focus on validating input from untrusted users. Just remember that the same techniques can also be applied to trusted inputs.

Expand Down

0 comments on commit d2b78a3

Please sign in to comment.