This repository has been archived by the owner on May 11, 2021. It is now read-only.
This will be an ongoing issue, but it should be out here as a reminder. Both the front and backend need to validate and sanitize user input, whether that means making sure emails look valid, passwords are above 8 characters, slurs aren't allowed in usernames, SQL queries are sanitized, etc.
Nah, sanitizing queries is a backend thing, but for the front end, stuff like limiting username and password lengths, not allowing racial slurs, etc. @Susorodni
@Susorodni it'd be great if you made sure that only alphanumeric characters were allowed to be sent by the frontend. Maybe that and all these special characters:
+_-!#@
This would prevent a lot of easily preventable attacks. Also filtering out words like admin, root, etc. Most noobie hackers or people trying to pretend to be an admin would be stopped by that. I would do the same filtering on the backend, to prevent people manually sending requests (like with Insomnia).
Like as an example, for the register form, only allow a certain set of characters, to prevent SQL injection.
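The register-form allowlist this comment asks for, written out as an added JavaScript example that is not code from the original issue or project: the character set, the reserved words admin/root and the 8-character password minimum come from the thread, while the field names, the 3-32 username length bound and the 128-character password cap are assumptions. The same function is meant to run on the backend too, as the comment says, and it complements rather than replaces parameterized SQL queries there.

```javascript
// Added example (not from the original issue or project): allowlist-based
// validation for a registration form. Limits marked "assumed" are not from
// the thread.

// Username: ASCII letters, digits and the special characters listed in the comment.
const USERNAME_ALLOWED = /^[A-Za-z0-9+_\-!#@]+$/;
// Words that should not appear in a username (checked case-insensitively).
const RESERVED_WORDS = ["admin", "root"];
// Minimal "looks like an email" shape: one @, no whitespace, a dot in the domain part.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

const USERNAME_MIN = 3;   // assumed
const USERNAME_MAX = 32;  // assumed
const PASSWORD_MIN = 8;   // "above 8 characters" in the issue; at least 8 used here
const PASSWORD_MAX = 128; // assumed, bounds the cost of hashing on the backend

// Returns a list of human-readable errors; an empty list means the input passes.
// Run it in the frontend for quick feedback AND in the backend, because a
// request can be sent directly (e.g. with Insomnia) without ever using the form.
function validateRegistration({ username, email, password }) {
  const errors = [];

  if (typeof username !== "string" ||
      username.length < USERNAME_MIN || username.length > USERNAME_MAX) {
    errors.push(`username must be ${USERNAME_MIN}-${USERNAME_MAX} characters`);
  } else if (!USERNAME_ALLOWED.test(username)) {
    errors.push("username may only contain letters, digits and +_-!#@");
  } else if (RESERVED_WORDS.some((w) => username.toLowerCase().includes(w))) {
    errors.push("username is reserved");
  }

  if (typeof email !== "string" || !EMAIL_SHAPE.test(email)) {
    errors.push("email does not look valid");
  }

  if (typeof password !== "string" || password.length < PASSWORD_MIN) {
    errors.push(`password must be at least ${PASSWORD_MIN} characters`);
  } else if (password.length > PASSWORD_MAX) {
    errors.push(`password must be at most ${PASSWORD_MAX} characters`);
  }

  return errors;
}
```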