don't trust your users

Post on 28-Nov-2014

Don’t Trust Your Users

Chris Tankersley (@dragonmantank)

chris@ctankersley.com

Who are you and why are you in my house?

• Chris Tankersley
• Doing PHP for 10 Years
• Lots of projects no one uses, and a few that some do
• TL;DR https://github.com/dragonmantank

NWO-PUG, September 20, 2011

Everyone Loves a Story

http://northweststate.edu/about-nscc/

Programming Is Just Acronyms
• DRY – Don’t Repeat Yourself
• KISS – Keep It Simple Stupid
• IPO – Input, Process, Output
• GIGO – Garbage In, Garbage Out

Users Are a Nice Big Family

Some People Want To Watch The World Burn

We Love Contact Forms

Client Side Validation

HTML 5 Validation

Browsers Suck

http://caniuse.com/#search=required

Server Side Is Necessary

http://www.flickr.com/photos/pargon/2444943158/sizes/l/
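The point of these slides in code, as an added example that is not part of the deck: the contact form carries HTML5 validation attributes for browsers that honour them, and the PHP side re-checks every field with ext/filter regardless, because a script can post to the handler without ever loading the form. Field names, limits, the hypothetical `contact.php` action and the sample submission are all constructed; `validateContact()` and `requiredString()` are helpers written for this example (PHP 7.4 or later assumed).

```php
<?php
// Added example (not from the slides): the contact form validated on both
// sides. The HTML5 attributes give well-behaved browsers quick feedback; the
// PHP function re-checks every field, because nothing forces a client to
// run the browser's checks. Field names, limits and the sample data are
// constructed for this example.

// What the browser sees. The caniuse.com page in the deck shows why this
// cannot be the only check: not every browser enforces `required`.
const CONTACT_FORM = <<<'HTML'
<form method="post" action="contact.php">
  <input name="name"  type="text"   required maxlength="60">
  <input name="email" type="email"  required>
  <input name="age"   type="number" required min="13" max="120">
  <textarea name="message" required maxlength="2000"></textarea>
  <button type="submit">Send</button>
</form>
HTML;

/**
 * FILTER_CALLBACK filter for a required, trimmed string of at most $maxBytes
 * bytes. Returns the cleaned string, or false so the caller can treat it like
 * any other failed validation.
 */
function requiredString(int $maxBytes): Closure
{
    return function ($value) use ($maxBytes) {
        if (!is_string($value)) {
            return false;
        }
        $value = trim($value);
        return ($value !== '' && strlen($value) <= $maxBytes) ? $value : false;
    };
}

/**
 * Server-side twin of the HTML5 constraints. In a request handler the same
 * $definition can be handed to filter_input_array(INPUT_POST, $definition);
 * filter_var_array() is used here so the example runs on a constructed array.
 *
 * Returns ['ok' => bool, 'values' => array, 'errors' => array].
 */
function validateContact(array $post): array
{
    $definition = [
        'name'    => ['filter' => FILTER_CALLBACK, 'options' => requiredString(60)],
        'email'   => FILTER_VALIDATE_EMAIL,
        'age'     => ['filter'  => FILTER_VALIDATE_INT,
                      'options' => ['min_range' => 13, 'max_range' => 120]],
        'message' => ['filter' => FILTER_CALLBACK, 'options' => requiredString(2000)],
    ];

    // Keys absent from $post come back as null, failed validations as false.
    // Compare with === : a valid "0" would be int 0, which is falsy.
    $values = filter_var_array($post, $definition);
    $errors = [];
    foreach ($definition as $field => $unused) {
        if ($values[$field] === null) {
            $errors[$field] = 'missing';
        } elseif ($values[$field] === false) {
            $errors[$field] = 'invalid';
        }
    }
    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

// Constructed submission of the kind a script, not a browser, would send:
// the HTML5 rules were never applied, so fields are blank, malformed or absent.
$result = validateContact(['name' => '   ', 'email' => 'not-an-email', 'age' => '7']);
print_r($result['errors']);
```

The definition array is the single source of truth for the server's rules; the HTML5 attributes are a convenience copy of it, never a substitute.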

PHP’s Filter Module

Some Background
• Enabled by default since 5.2.0
• Provides both Validation and Sanitization
• Very easy to use to work with data
• Exposed via the 7 basic functions

Filtering Is Easy And Fun

Basic Filtering Out Of The Box

We Can Clean Up Data As Well

What Sanitizers are Available?

Manual Filters

It Does Big Jobs As Well
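The slides from "Filtering Is Easy And Fun" through "It Does Big Jobs As Well" had their code on screen rather than in the transcript. The following is an added example, not the deck's own code, walking through the same ground on constructed values: validation filters with options and flags, the bundled sanitizers, `FILTER_CALLBACK` as the manual filter, `FILTER_REQUIRE_ARRAY` for whole arrays, and `filter_list()`/`filter_id()` to answer "What Sanitizers are Available?" from the extension itself. The function names `validationExamples()`, `sanitizationExamples()` and `availableFilters()` are mine.

```php
<?php
// Added example (not from the slides): a tour of ext/filter on constructed
// values. filter_var() validates, FILTER_SANITIZE_* filters clean,
// FILTER_CALLBACK is the manual filter, and FILTER_REQUIRE_ARRAY does the
// "big job" of an entire array in one call.

function validationExamples(): array
{
    $range = ['options' => ['min_range' => 1, 'max_range' => 100]];
    return [
        // "0" is a valid integer and comes back as int 0, which is falsy:
        // test the result with === false, never with a bare if ($x).
        'zero'       => filter_var('0', FILTER_VALIDATE_INT),
        'in_range'   => filter_var('42', FILTER_VALIDATE_INT, $range),
        'over_range' => filter_var('420', FILTER_VALIDATE_INT, $range),
        'hex'        => filter_var('0x1A', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX),
        // Without FILTER_NULL_ON_FAILURE, "no" and "maybe" both yield false
        // and cannot be told apart; with it, only unrecognised input is null.
        'bool_no'    => filter_var('no', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE),
        'bool_junk'  => filter_var('maybe', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE),
        'email'      => filter_var('chris@example.com', FILTER_VALIDATE_EMAIL),
        'email_bad'  => filter_var('chris@', FILTER_VALIDATE_EMAIL),
        // Public IPv4 only: addresses in private (RFC 1918) ranges are rejected.
        'ip_private' => filter_var('10.0.0.5', FILTER_VALIDATE_IP,
                            FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE),
        'url'        => filter_var('https://example.com/contact', FILTER_VALIDATE_URL),
        // Validate every element of an array at once; each bad element becomes
        // false in the result rather than failing the whole array.
        'ids'        => filter_var(['1', '2', 'x'], FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY),
    ];
}

function sanitizationExamples(): array
{
    return [
        // Keep digits, plus and minus only.
        'digits'  => filter_var('$1,250.99', FILTER_SANITIZE_NUMBER_INT),
        // Strip every character that cannot appear in an e-mail address.
        'email'   => filter_var('ch ris@exa(mple).com', FILTER_SANITIZE_EMAIL),
        // HTML-encode special characters. Prefer this over FILTER_SANITIZE_STRING,
        // which is deprecated since PHP 8.1.
        'html'    => filter_var('<b>hi</b>', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
        // Manual filter: any callable, here PHP's own trim().
        'trimmed' => filter_var('  Chris  ', FILTER_CALLBACK, ['options' => 'trim']),
        // A callable of your own for a rule ext/filter does not ship: a URL slug.
        'slug'    => filter_var('Hello World!', FILTER_CALLBACK, ['options' => function ($v) {
            return trim(strtolower(preg_replace('/[^a-z0-9]+/i', '-', trim($v))), '-');
        }]),
    ];
}

// "What Sanitizers are Available?": ask the extension instead of memorising.
function availableFilters(): array
{
    $names = [];
    foreach (filter_list() as $name) {
        $names[$name] = filter_id($name);   // filter name => its FILTER_* id
    }
    return $names;
}

print_r(validationExamples());
print_r(sanitizationExamples());
print_r(availableFilters());
```

Two habits carry over to any use of this API: check validation results with `=== false`, and remember that a sanitizer never fails, so "required" still has to be checked separately.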

Aura.Filter

Easy To Use

Rule Types
• Soft Rules – Doesn’t Stop Validation Chain
• Hard Rules – Stop Validation Chain For This Element
• Stop Rules – Stop All Validation

Validation and Sanitization
• RuleCollection::IS – Must match the rule
• RuleCollection::IS_NOT – Must not match
• RuleCollection::IS_BLANK_OR – Must be blank or match
• RuleCollection::FIX – Sanitize The Data
• RuleCollection::FIX_IS_BLANK_OR – Fix if not blank

Bundled Rules
• Alnum
• Alpha
• Between
• Blank
• Bool
• Credit Card
• DateTime
• Email
• Equal To Field
• Equal To Value
• Float
• In Array Keys
• In Array Values
• Int
• ipv4
• Locale
• Max
• Min
• Regex
• Strict Equals
• String (length, min, max)
• Trim
• Upload
• Url

Custom Rules
• Extend Aura\Filter\AbstractRule
• Implement validate() and sanitize()
• Add to the Rule Locator
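The three Aura.Filter slides above (rule types, the IS/FIX modes and custom rules) put together, as an added example that is not the deck's or the library's own code. It assumes the Aura.Filter 1.x API of the time as I recall it: `AbstractRule` with `validate()`/`sanitize()` and the `getValue()`/`setValue()` helpers, `addSoftRule()`/`addHardRule()`/`addStopRule()`, registration through `getRuleLocator()->set()`, the bundled rule names `alnum`, `strlenBetween`, `email` and `equalToValue`, and the `scripts/instance.php` bootstrap; the `Zip` rule, the `Acme` namespace, the token value and the sample data are constructed, and the include path is a placeholder.

```php
<?php
// Added example (not from the slides): a custom Aura.Filter rule wired into
// a filter chain. Assumes the Aura.Filter 1.x API (AbstractRule with
// validate()/sanitize(), getValue()/setValue(), addSoftRule()/addHardRule()/
// addStopRule(), RuleLocator::set()). The rule, namespace and data are
// constructed for this example.

namespace Acme\Filter\Rule;

use Aura\Filter\AbstractRule;

/**
 * Hypothetical rule: the value must be a US ZIP code (5 digits, or 5+4).
 * validate() answers "does it match?"; sanitize() backs the FIX modes and
 * rewrites the value into canonical form where it can.
 */
class Zip extends AbstractRule
{
    protected $message = 'FILTER_RULE_FAILURE_IS_ZIP';

    public function validate()
    {
        $value = $this->getValue();
        return is_string($value) && preg_match('/^\d{5}(-\d{4})?$/', $value) === 1;
    }

    public function sanitize()
    {
        $value = $this->getValue();
        if (!is_scalar($value)) {
            return false;
        }
        // Keep digits only, then re-insert the dash for a 9-digit ZIP.
        $digits = preg_replace('/\D/', '', (string) $value);
        if (strlen($digits) === 9) {
            $digits = substr($digits, 0, 5) . '-' . substr($digits, 5);
        } elseif (strlen($digits) !== 5) {
            return false;   // not fixable: FIX fails and the rule reports it
        }
        $this->setValue($digits);
        return true;
    }
}

// ---- Wiring (assumed 1.x API) -------------------------------------------
namespace Acme;

use Aura\Filter\RuleCollection;

$filter = require '/path/to/Aura.Filter/scripts/instance.php';   // placeholder path

// Register the custom rule under the name the chain will refer to.
$filter->getRuleLocator()->set('zip', function () {
    return new Filter\Rule\Zip;
});

// Stop rule: a bad form token aborts the whole chain, nothing else matters.
// Soft rules: keep checking so the user sees every problem at once.
// Hard rule: if the ZIP cannot be fixed, skip the remaining 'zip' rules.
$filter->addStopRule('token',    RuleCollection::IS,  'equalToValue', 'expected-token');
$filter->addSoftRule('username', RuleCollection::IS,  'alnum');
$filter->addSoftRule('username', RuleCollection::IS,  'strlenBetween', 6, 12);
$filter->addSoftRule('email',    RuleCollection::IS,  'email');
$filter->addHardRule('zip',      RuleCollection::FIX, 'zip');
$filter->addSoftRule('zip',      RuleCollection::IS,  'zip');

// Constructed input: username too short, ZIP+4 typed with a space instead of a dash.
$data = (object) [
    'token'    => 'expected-token',
    'username' => 'chris',
    'email'    => 'chris@ctankersley.com',
    'zip'      => '43551 1234',
];

$success  = $filter->values($data);   // sanitizes $data in place, returns bool
$messages = $filter->getMessages();   // field => list of failure messages
print_r($messages);
```

The ordering matters: FIX before IS on the same field lets the sanitizer normalise what it can, and the hard rule keeps a hopeless value from producing a second, redundant message.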

Use Your Framework’s

Zend\Validator

Symfony2 Validator

Symfony2 Forms

Always Look First

One Final Note

Validation is Hard

Questions?

Thank You!
• Please Rate on Joind.in - https://joind.in/10524
• @dragonmantank
• chris@ctankersley.com