Validating data from the database or better yet - the road map to validation

The number one rule of programming is: do not trust the client. (I sound like Dr. Jason Bull from the television show "Bull".)

Hi everyone, today let's embark on a journey through system security and why we can't trust anyone, not even ourselves.

Step 1: validating content before sending it to the server

Content validation is as important as anything else in programming, and it becomes critical when it comes to security.

I use Valibot to parse my content before sending it on its way to the server.

By no means am I an expert in JavaScript, so do not judge; I am merely making a point!

Screenshot: frontend validation

After the data is parsed and meets the criteria I want, it is ready to send to the server.

Step 2: validating on the backend

I am a gopher through and through, so the very fact that Go is a statically typed language is a big reason I love it so much.

So after authorisation is done, it is time to make sure the data was not tampered with on its way from the frontend, and to validate it again. The frontend checks can be skipped entirely by anyone who calls the API directly, so the backend has to treat the request body as untrusted input no matter what the client claims to have done.

Screenshot: backend validation


Step 3: validating on the database

With that done, I think you could add a further step on the database schema so that items are validated on creation, but I think I am good. Probably not!

Besides, Go's static typing is a safeguard on its own: it rules out a whole class of mistakes before the code even runs. It does not, however, check content: an empty string or a negative count is perfectly well-typed.

Either way, you can never be too careful, so it is worth adding constraints to the schema (NOT NULL, CHECK, UNIQUE and foreign keys) so that a bug in any layer above cannot persist a bad row.

Step 4: validating items coming from the server

When my colleague suggested this, I was like: are you serious? You are so paranoid that you don't even trust yourself.

Come to think of it, it has nothing to do with paranoia and everything to do with your peace of mind, which is exactly what tests and other security measures are for!

With that said, it began to take root in my coding, and these are the reasons:

  1. How long does it take you to lose track of what a model looks like while building a big system?
  2. Or, when working in a team where someone else is responsible for the backend, how can you be sure the data they send you is what you expect?

This may look fine, but how sure are you that the contents of major are not empty?

Although with a TypeScript interface you cannot access items that are not defined on the major interface, that is a compile-time guarantee only: how sure are you that name will actually be a string at runtime rather than empty or undefined?

With that said, this is the reason for validating items originating from the backend.

Screenshot: validating items originating from the server using Valibot

In the screenshot above we have validated the items, and now you are sure you are working with the correct data.
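Steps 1, 2 and 4 all come down to the same runtime check applied at different trust boundaries. The block below is an added example, not the author's code or the code in the screenshots: it hand-writes the check that a Valibot schema would perform on the page (Valibot is not imported, so the block runs with no dependencies), shows the server-side step in TypeScript where the article uses Go, and contrasts it with the bare TypeScript cast from the previous paragraph. The Major shape, its field rules (a non-empty name, an integer credits value) and every function name are assumptions made for the example.

```typescript
// Added example, not the author's code. `Major`, its field rules and all function
// names are assumptions; checkMajor does by hand what a Valibot schema such as
// v.object({ name: v.pipe(v.string(), v.minLength(1)), ... }) would do on the page.

// The compile-time shape. Interfaces are erased at runtime, so a cast to Major
// proves nothing about the object that actually arrived.
interface Major {
  name: string;
  credits: number;
}

class ValidationError extends Error {
  readonly issues: string[];
  constructor(issues: string[]) {
    super(issues.join("; "));
    this.name = "ValidationError";
    this.issues = issues;
  }
}

// One runtime check used at every boundary. It rejects the wrong type, empty or
// oversized strings, out-of-range numbers and unknown fields, and returns a new
// object built only from the accepted fields so nothing else travels further.
function checkMajor(input: unknown): Major {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new ValidationError(["expected an object"]);
  }
  const rec = input as Record<string, unknown>;
  const issues: string[] = [];

  const name = rec["name"];
  if (typeof name !== "string") issues.push("name: expected a string");
  else if (name.trim().length === 0) issues.push("name: must not be empty");
  else if (name.length > 100) issues.push("name: longer than 100 characters");

  const credits = rec["credits"];
  if (typeof credits !== "number" || !Number.isInteger(credits)) {
    issues.push("credits: expected an integer");
  } else if (credits < 1 || credits > 200) {
    issues.push("credits: must be between 1 and 200");
  }

  for (const key of Object.keys(rec)) {
    if (key !== "name" && key !== "credits") issues.push(`${key}: unknown field`);
  }

  if (issues.length > 0) throw new ValidationError(issues);
  return { name: (name as string).trim(), credits: credits as number };
}

// Step 1, client side: validate before the request leaves the browser. This gives
// the user fast feedback; it is not a security control, because anyone can skip
// the frontend and send bytes straight to the API.
function buildRequestBody(formInput: unknown): string {
  return JSON.stringify(checkMajor(formInput));
}

// Step 2, server side (the article does this in Go after authorisation). The raw
// body is untrusted no matter what the frontend did, so it is checked again.
function handleCreateMajor(rawBody: string): { status: number; body: string } {
  let parsed: unknown;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, body: JSON.stringify({ error: "malformed JSON" }) };
  }
  try {
    const major = checkMajor(parsed);
    // A real handler would insert `major` here; the schema constraints of
    // Step 3 are the last line of defence behind this check.
    return { status: 201, body: JSON.stringify(major) };
  } catch (e) {
    if (e instanceof Error && e.name === "ValidationError") {
      return { status: 400, body: JSON.stringify({ errors: (e as ValidationError).issues }) };
    }
    throw e;
  }
}

// The "TypeScript way" from the article: the cast satisfies the compiler and
// checks nothing, so `name` can silently be undefined at runtime.
function unsafeRead(responseText: string): Major {
  return JSON.parse(responseText) as Major;
}

// Step 4: the same check applied to what the server returned, so the rest of the
// frontend only ever sees a Major that really has the promised fields.
function readMajorFromServer(responseText: string): Major {
  return checkMajor(JSON.parse(responseText));
}

// Constructed inputs: a tampered request that bypassed the frontend checks, and a
// server response that is missing `name`.
console.log(handleCreateMajor('{"name":"Computer Science","credits":120,"isAdmin":true}'));
console.log(typeof unsafeRead('{"credits":120}').name); // undefined, and no compile error
```

Two details matter for security here. The check rejects unknown fields rather than ignoring them, so a client cannot smuggle in something like an isAdmin flag that the server would later copy into a record (the classic mass-assignment problem). And because the check builds a fresh object from the accepted fields only, both the request handler and the frontend reader work with a value that is exactly the declared shape, not the object that arrived over the wire.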

And that wraps up our journey of validation.

I wish you a lovely day ahead!

More articles by Anthony Miracho