Input validation
- Sometimes attackers will try to trigger a bug in your code. A common way is to send all kinds of bad data, which hopefully will crash your code. It's very important, both for the correctness of your code and for security, that you validate every incoming piece of data before you start processing it. Assume you have a system that processes payments. So, we have the payment structure with the time, the user, who he's paying to, and the amount. And we have the handler code, which creates a new JSON decoder, decodes it into the payment, and then starts processing. And finally, returns okay. But then an attacker might decide to send a negative value in the amount field, and this will add money to their account. Let's fix that. So, I'm going to copy the file from fix to the local directory, and let's see the changes in the code. I've added a method, validate, to payment, and it checks that the amount is not zero or less…
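
A minimal Go version of the handler and validation described above, as an added example rather than the course's own code. The JSON keys, the amount held as integer cents, the required-field check, the 1 MiB body limit and the `decodePayment` helper are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// Payment has the fields named in the lesson; JSON keys and cents are assumed.
type Payment struct {
	Time   time.Time `json:"time"`
	User   string    `json:"user"`
	To     string    `json:"to"`
	Amount int64     `json:"amount"` // in cents
}

func (p *Payment) Validate() error {
	if p.Amount <= 0 { // the lesson's check: amount must not be zero or less
		return fmt.Errorf("amount must be greater than zero, got %d", p.Amount)
	}
	if p.User == "" || p.To == "" { // added check, not from the lesson
		return fmt.Errorf("user and to are required")
	}
	return nil
}

// decodePayment decodes and validates before any processing happens.
func decodePayment(r io.Reader) (Payment, error) {
	var p Payment
	if err := json.NewDecoder(r).Decode(&p); err != nil {
		return Payment{}, err
	}
	return p, p.Validate()
}

func handler(w http.ResponseWriter, r *http.Request) {
	if _, err := decodePayment(http.MaxBytesReader(w, r.Body, 1<<20)); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintln(w, "OK") // process the validated payment before replying
}

func main() { // constructed body with a negative amount; prints the validation error
	_, err := decodePayment(strings.NewReader(`{"user":"a","to":"b","amount":-100}`))
	fmt.Println(err)
}
```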