Trust Management

• Trust is transitive
• Do not trust other programs you invoke (e.g. editor from a restricted shell)
• Do not trust input you do not control (e.g. hidden web fields)
• Do not trust code you do not control (e.g. Javascript validation)
• Be careful with metacharacters and interpreted languages (Perl, SQL, sh, PHP, ASP)

• PreviousApplying Cryptography
• Contents
• NextUntrusted Input

 Last change: Friday, July 4, 2003 2:51 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.