Re: CROSS SITE-SCRIPTING Protection with PHP

From: Sverre H. Huseby (shhat_private)
Date: Mon Oct 14 2002 - 09:06:51 PDT


    The new platform could also make it harder for someone to pass bogus
    data by:
    
      * Always removing 0-bytes from input (input is typically URLs and
        their parameters, POSTed data and HTTP headers (including
        cookies)).
    
      * Force input fetching through some validation function, eg:
    
          request.form.getInteger("foo", 0, 100)
    
        to have an integer between 0 and 100, rather than
    
          request.form.get("foo")
    
        and then do proper error handling automatically (abort and log if
        the parameter was not supposed to be tampered with, redisplay form
        with an error message if data was supposed to be typed in by a user).
    
      * Automatically providing tamper control (eg. message digests) to
        data that are not supposed to be tampered with.
    
      * Automatically checking the length of input where possible.
    
    To make everything even more automatic, the system could start with a
    high level definition of all objects (and possibly all web pages).
    Given this definition (these definitions), one could automatically
    generate database tables, type checking code, length checking code,
    form input fields and so on.
    
    I'm not sure how to do all this, but I'm sure someone will be able to
    do it.
    
    
    Sverre.
    
    -- 
    shhat_private		Computer Geek?  Try my Nerd Quiz
    http://shh.thathost.com/	http://nerdquiz.thathost.com/
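The validation layer the post sketches (0-byte stripping, range-checked integer fetching, automatic length checks and digest-based tamper control), written out as an added Python example; the class, method names and the sample request are assumptions constructed for this illustration, not code from the post or from any PHP project:

```python
import hmac, hashlib

class TamperError(Exception):
    """Data the user was not supposed to edit failed its digest: abort and log."""

class InvalidInput(ValueError):
    """User-typed data failed validation: redisplay the form with an error."""

class ValidatedForm:
    """Hypothetical wrapper over raw request parameters (constructed for this example)."""

    def __init__(self, params, key):
        # Always strip 0-bytes before any other code sees the value.
        self._params = {k: v.replace("\x00", "") for k, v in params.items()}
        self._key = key

    def get_integer(self, name, lo, hi):
        """Fetch an integer and enforce lo <= value <= hi; no raw access needed."""
        try:
            value = int(self._params.get(name, ""))
        except ValueError:
            raise InvalidInput(f"{name}: not an integer")
        if not lo <= value <= hi:
            raise InvalidInput(f"{name}: outside {lo}..{hi}")
        return value

    def get_text(self, name, max_len):
        """Fetch free text with an automatic length check."""
        value = self._params.get(name, "")
        if len(value) > max_len:
            raise InvalidInput(f"{name}: longer than {max_len} characters")
        return value

    @staticmethod
    def seal(value, key):
        """Attach an HMAC digest to a value the client must echo back unchanged."""
        return value + "." + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

    def get_sealed(self, name):
        """Fetch a sealed value; any change to it (or to the digest) is tampering."""
        value, _, mac = self._params.get(name, "").rpartition(".")
        expected = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            raise TamperError(f"{name}: digest mismatch")
        return value

KEY = b"constructed-server-secret"  # placeholder key for the example, not a real one
# Constructed request: "age" carries an embedded 0-byte, "uid" is a sealed hidden field.
SAMPLE = {"age": "4\x002", "uid": ValidatedForm.seal("17", KEY)}
```

A page handler would call `get_integer`/`get_text` for user-typed fields and `get_sealed` for hidden ones, so the two error types map directly onto the "redisplay form" and "abort and log" paths the post describes.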
    



    This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 10:28:22 PDT