Course: Programming Foundations: Web Security


Label variables

- It's important to keep track of which data has been sanitized and which has not. We can use variable names to label which data is potentially dangerous and which data is safe to use. Before sanitization, we can use names such as dirty, raw, or unsafe. After sanitization, we can use names such as clean, sanitized, or safe. Let me show you an example using PHP. An email address is received from a web forum and assigned to the variable, raw_email. The prefix raw makes it obvious that it's not been sanitized. After the value passes through a sanitized function, it's assigned to a new variable, safe_email. The prefix safe makes it clear it has been sanitized. Of course, it can also be done as a one step process without using the variable raw_email, but still, the variable name indicates that it has been sanitized. Here's another example, using Ruby on Rails. An empty hash is assigned to the variable, dirty_params, which…
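The naming discipline described above, carried through in plain Ruby as an added example (not code from the course). The `raw_email` / `safe_email` and `dirty_params` / `clean_params` names follow the convention in the transcript; the `sanitize_email` and `permit_params` helpers and the sample form submission are constructed for this illustration, and `permit_params` is a hand-rolled stand-in rather than Rails's own strong-parameters `permit`.

```ruby
# Added example (not from the course): label data as raw/dirty until it has
# been sanitized, and only hand sanitized values on under a safe/clean name.

# Conservative shape check: one "@", no whitespace, a dot in the domain part.
EMAIL_PATTERN = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

# Takes an untrusted string (raw_email) and returns a normalized safe_email,
# or nil when the input cannot be made safe. The caller never sees a value
# under the "safe" name unless it passed the check.
def sanitize_email(raw_email)
  return nil unless raw_email.is_a?(String)
  candidate = raw_email.strip.downcase
  return nil unless candidate.match?(EMAIL_PATTERN)
  candidate
end

# Whitelists keys: only permitted entries cross from dirty_params into
# clean_params, so an extra attacker-supplied field is dropped silently.
def permit_params(dirty_params, permitted_keys)
  clean_params = {}
  permitted_keys.each do |key|
    clean_params[key] = dirty_params[key] if dirty_params.key?(key)
  end
  clean_params
end

# Constructed sample input standing in for an untrusted web form submission.
RAW_SUBMISSION = {
  "email" => "  Alice@Example.COM\n",
  "name"  => "Alice",
  "admin" => "true" # unexpected extra field; must not reach clean_params
}.freeze

# Two-step flow: whitelist the hash, then sanitize the one field we use.
def process_submission(dirty_params)
  clean_params = permit_params(dirty_params, %w[email name])
  safe_email = sanitize_email(clean_params["email"])
  { safe_email: safe_email, clean_params: clean_params }
end

if __FILE__ == $PROGRAM_NAME
  result = process_submission(RAW_SUBMISSION)
  puts "safe_email:   #{result[:safe_email].inspect}"
  puts "clean_params: #{result[:clean_params].inspect}"
end
```

The point of the names is that a reviewer can spot a bug by sight: any call that sends `raw_email` or `dirty_params` to a database, template or mailer is suspect, while `safe_email` and `clean_params` are the only values that should appear there.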