The new platform could also make it harder for someone to pass bogus data by:

* Always removing 0-bytes from input (input is typically URLs and their parameters, POSTed data and HTTP headers (including cookies)).
* Force input fetching through some validation function, e.g. request.form.getInteger("foo", 0, 100) to have an integer between 0 and 100, rather than request.form.get("foo"), and then do proper error handling automatically (abort and log if the parameter was not supposed to be tampered with, redisplay form with an error message if data was supposed to be typed in by a user).
* Automatically providing tamper control (e.g. message digests) to data that are not supposed to be tampered with.
* Automatically checking the length of input where possible.

To make everything even more automatic, the system could start with a high level definition of all objects (and possibly all web pages). Given this definition (these definitions), one could automatically generate database tables, type checking code, length checking code, form input fields and so on.

I'm not sure how to do all this, but I'm sure someone will be able to do it.

Sverre.

--
shhat_private
Computer Geek? Try my Nerd Quiz
http://shh.thathost.com/ http://nerdquiz.thathost.com/
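The four measures listed in the message above, sketched in Python as an added example that is not part of the original post. The names Form, get_integer, get_sealed, seal and SECRET, the "|" separator and the length limits are hypothetical, and HMAC-SHA256 stands in for the "message digests" the post mentions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client

class TamperedInput(Exception):
    """Field the user was not supposed to change failed a check: abort and log."""

class UserInputError(Exception):
    """Field typed in by a user failed a check: redisplay the form with an error."""

def seal(name, value):
    """Return value plus an HMAC-SHA256 digest bound to the field name."""
    mac = hmac.new(SECRET, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
    return f"{value}|{mac}"

class Form:
    MAX_LEN = 256  # default length limit (assumed value)

    def __init__(self, raw):
        # 0-bytes are removed once, before any getter sees the data.
        self._raw = {k: v.replace("\x00", "") for k, v in raw.items()}

    def _fetch(self, name, max_len, error):
        value = self._raw.get(name)
        if value is None or len(value) > max_len:
            raise error(f"{name}: missing or longer than {max_len} characters")
        return value

    def get_integer(self, name, lo, hi, user_typed=True):
        error = UserInputError if user_typed else TamperedInput
        text = self._fetch(name, 20, error)
        # ASCII digits only: int() alone would also accept "+5", " 5" and "5_0".
        if not re.fullmatch(r"-?[0-9]+", text) or not lo <= int(text) <= hi:
            raise error(f"{name}: expected an integer between {lo} and {hi}")
        return int(text)

    def get_sealed(self, name):
        text = self._fetch(name, self.MAX_LEN, TamperedInput)
        value, sep, mac = text.rpartition("|")
        expected = seal(name, value).rpartition("|")[2]
        if not sep or not hmac.compare_digest(mac.encode(), expected.encode()):
            raise TamperedInput(f"{name}: digest mismatch")
        return value
```

The digest here only shows that the server produced the value for that field name; tying it to one user or limiting its lifetime would need a session identifier or expiry in the MAC input.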
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 10:28:22 PDT