Logo Icon Logo
A Crowd-sourced Cookbook on Writing Great Android® Apps
GitHub logo Twitter logo OReilly Book Cover Art

"Never Trust User Input"

In Chapter: Securing Your Application
Author: Ian Darwin ('idarwin')
Published? true
FormatLanguage: AsciiDoc


You want to see why user input can not be trusted, and what to do about it.


In their classic 1978 work The Elements of Programming Style, Brian W. Kernighan and P. J. Plauger posited a number of axioms for reliable programming. One of the most fundamental was "Never Trust User Input". It is clear that in the intervening four decades, this advice has been ignored to a dunning level; things have not improved.

One primary manifestation is injection attacks, and one of the most common of these is the SQL Injection Attack. See xkcd Exploits of a Mom for a classic webcomic which contains that exact source code of a plausible, maybe-working attack.