Bipin Sasi Techie, Author of the book Leadership Puzzles. You can follow me on X, formerly called Twitter: @BipinSasi

THE MYTH OF USER-SUPPLIED CONTENT



Do not accept baggage or articles from others without checking the contents yourself.
Never agree to allow strangers to check in their baggage with yours or to carry something
by hand for others. –Japan Airlines Safety Notification



With all this talk about identifying an Ajax application’s attack surface and validating the
input, can developers ever trust the input they receive from the user? After all, a major
theme in Web 2.0 is harnessing user-generated content. Flickr, del.icio.us, MySpace,
Facebook, Wikipedia, and others simply provide mechanisms for storing, searching, and
retrieving user-created information. Regardless of whether this data is photos from a trip
to Japan, a list of favorite Web sites, blog entries, or even a list of the members of the
House of Representatives, the data is created, entered, tagged, and filed by users.


But who are these users? Who is Decius615 or sk8rGrr1 or foxyengineer? Maybe
Decius615 is a username on your Web site that registered with the email address
tom@memestreams.net. What does that actually mean? Let’s say your registration
process consists of a prospective user first choosing a user name and then supplying an
email address. You then email an account confirmation link to that email address. When
the prospective user clicks that link, they are taken to a confirmation Web page that will
finalize the creation of their desired account. But first, they have to type in a word that
appears in an obstructed picture (a process known as solving a CAPTCHA—a
Completely Automatic Public Turing test to tell Computers and Humans Apart). This
ensures that a human, and not an automated program, is registering the account. Now
the user is created and is part of your online community. The user can now post scandalous
photos of herself and write blog entries about how no one understands her.


Can you trust this user? No. In this example, the barrier to entry for becoming a fully
trusted member of your Web site is having an email address, knowing how
to click on a hyperlink in an email, and being able to read some squiggly letters in an image
with a mosaic background. You cannot trust this user. There are no special exclusions for
certain kinds of users. All input must be validated all of the time. There are absolutely no
exceptions to this rule.
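

The rule above, as an added example that is not part of the original text: a server-side handler that validates and output-encodes a blog entry the same way for every caller, never branching on whether the account confirmed its email or solved the CAPTCHA. All function names, field limits, and sample data are assumptions made for illustration.

```javascript
// Added example, not code from the original page; every name is hypothetical.
// Registration status (confirmed e-mail, solved CAPTCHA) is never consulted:
// it says a human with a mailbox exists, not what that human will submit.

const TAG_RE = /^[a-z0-9][a-z0-9-]{0,31}$/;   // allow-list: short lowercase slugs
const CTRL_RE = /[\u0000-\u0008\u000b\u000c\u000e-\u001f]/; // control chars except tab/LF/CR

// Type, length and character checks on every field of a submitted blog entry.
function validatePost(input) {
  const { title, tags, body } = input || {};
  const errors = [];
  if (typeof title !== 'string' || title.length < 1 || title.length > 120 ||
      /[\u0000-\u001f]/.test(title)) errors.push('title');
  if (!Array.isArray(tags) || tags.length > 10 ||
      !tags.every((t) => typeof t === 'string' && TAG_RE.test(t))) errors.push('tags');
  if (typeof body !== 'string' || body.length < 1 || body.length > 10000 ||
      CTRL_RE.test(body)) errors.push('body');
  return errors;
}

// Encode text for an HTML element-content context at render time.
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Same path for every account: validate first, then encode on output.
// `account` is accepted but deliberately unused in the validation decision.
function handleSubmission(account, input) {
  const errors = validatePost(input);
  if (errors.length > 0) return { status: 400, errors };
  const tags = input.tags.map(encodeHtml).join(', ');
  return {
    status: 200,
    html: `<h2>${encodeHtml(input.title)}</h2><p>${encodeHtml(input.body)}</p><small>${tags}</small>`,
  };
}

// Constructed sample data: one fully registered account, one anonymous caller.
const registered = { username: 'Decius615', emailConfirmed: true, captchaSolved: true };
const anonymous = { username: null, emailConfirmed: false, captchaSolved: false };
const entry = { title: 'Trip to Japan', tags: ['photos', 'japan'], body: 'Tom & I <3 Kyoto' };
const badEntry = { title: 'x', tags: ['<b>'], body: 42 };
```

The malformed entry is rejected for the registered account exactly as it is for the anonymous caller, and accepted text is encoded each time it is rendered.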