Logo Icon Logo
A Crowd-sourced Cookbook on Writing Great Android® Apps
GitHub logo Twitter logo OReilly Book Cover Art
"Never Trust User Input"Back to Android Cookbook Home | Up to Chapter: Securing Your Application

Author: Ian Darwin ('idarwin')
In Published Edition? Yes
FormatLanguage: AsciiDoc

"Never Trust User Input"

Problem

You want to see why user input can not be trusted, and what to do about it.

Solution

In their classic 1978 work The Elements of Programming Style, Brian W. Kernighan and P. J. Plauger posited a number of axioms for reliable programming. One of the most fundamental was "Never Trust User Input". It is clear that in the intervening four decades, this advice has been ignored to a dunning level; things have not improved.

One primary manifestation is injection attacks, and one of the most common of these is the SQL Injection Attack. See xkcd Exploits of a Mom for a classic webcomic which contains that exact source code of a plausible, maybe-working attack.

Discussion

T/K

Download

The source code for this project is in the Android Cookbook repository, http://github.com/IanDarwin/Android-Cookbook-Examples/tree/master/