On 01/02/2013 03:53 PM, Scotto Alberto wrote:
>> Fix problems at the source
>
> Exactly. From my point of view, the "source" is who/what generates
> the input: the user who fills in a form. So, this is why I say that
> the input validation should be done around the View layer, while in
> the back ("rt_auth" function) I should assume with a precondition
> that the input is not evil anymore.

It's far too easy for the backend function to start being used somewhere
where the validation doesn't happen first, and then you're vulnerable
again.  The backend is a single point to fix, whereas validation might
need to happen across multiple views and interfaces.

The path of shoving the shell_exec() validation up into the view is
lined with awful websites which prohibit special characters in passwords.
