From: Chip Andrews (chipandrewsusa.net)
Date: Sat Jan 12 2002 - 08:13:56 CST


    James,

    That is what good input validation is all about - sanitizing and/or
    validating input. However, even with the best of intentions, input
    validation can be weakened for a variety of reasons:

    *Client-side validation via JavaScript is easily defeated unless
    double-checked on the server
    *Some input is hard to validate - an address field is likely to contain
    large numbers of most any character data - hard to validate and thus a good
    candidate for SQL injection, for example
    *Developers can sometimes get lazy since validation is a fairly laborious
    task. (ASP.NET has done much to improve this)

    Chip

    ----- Original Message -----
    From: "James Fleming" <jamesfleming94588yahoo.com>
    To: <webappsecsecurityfocus.com>
    Sent: Friday, January 11, 2002 3:41 PM
    Subject: Preventing Buffer Overflows in Web Apps

    > I had an idea. If my input filter doesn't accept any
    > binary data on input (i.e. I check the object type and
    > only allow String, Int etc.)...how can anyone pass an
    > overflow payload to the application ?
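The two points in the reply above, as an added example that is not part of the original thread: a strict server-side check for a field that can be whitelisted (a numeric id), and a parameterized query for a free-form address field that cannot be, shown beside the string-concatenation form it replaces. The `customers` table and its rows are constructed here for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the original thread).
CONN = sqlite3.connect(":memory:")
CONN.execute("CREATE TABLE customers (id INTEGER, address TEXT)")
CONN.executemany("INSERT INTO customers VALUES (?, ?)",
                 [(1, "12 Elm St."), (2, "O'Brien House, 4 High Rd.")])
CONN.commit()


def validate_customer_id(raw):
    """Strict server-side check for a field that *can* be whitelisted.
    This runs regardless of any JavaScript check in the browser, since
    the browser-side check can simply be bypassed."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("customer id must be 1-9 digits")
    return int(raw)


def lookup_unsafe(address):
    """Vulnerable form: the address is pasted into the SQL text. Any quote
    in it becomes part of the statement, so a perfectly legitimate address
    containing an apostrophe already breaks the query (and a crafted one
    changes its meaning)."""
    sql = "SELECT id FROM customers WHERE address = '" + address + "'"
    return [row[0] for row in CONN.execute(sql)]


def lookup_safe(address):
    """Hardened form: the address is bound as a parameter. Its content is
    always data and never parsed as SQL, whatever characters it contains,
    so the free-form field no longer needs character-level filtering."""
    sql = "SELECT id FROM customers WHERE address = ?"
    return [row[0] for row in CONN.execute(sql, (address,))]
```

With the parameterized query the apostrophe in "O'Brien House" is matched literally and returns customer 2, while the concatenated version raises a syntax error on the same input.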