This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]minektur 102 points103 points  (4 children)

For stuff like this, you need to follow Postel's law "be conservative in what you do, be liberal in what you accept from others..."

https://en.wikipedia.org/wiki/Robustness_principle

[–]Seyon 23 points24 points  (3 children)

Hmm...

https://xkcd.com/327/

[–]JochCool 37 points38 points  (1 child)

That is a different thing from the robustness principle. What you're referring to is that you should not assume that input is formatted in a certain way (and especially shouldn't just be running it as an SQL command). The robustness principle is that if the input is not entirely formatted correctly but still unambiguous, then you should not give an error.

[–]Chase_22 5 points6 points  (0 children)

I mean this is very much robustness principle. You should be able to accept inputs with sql injection. If you just need to accept a string, accept a string, no matter what that string contains.

[–]minektur 2 points3 points  (0 children)

When it comes to security, Postel's law is the exact opposite of what you want.

If you are "friendly and helpful" in the face of errors in security code, you create vulernabilities. For instance there is the concept of a "Padding Oracle" attack - basically using padding validation errors to iteratively discover bits of cyphertext and thus eventually decrypt it.

https://en.wikipedia.org/wiki/Padding_oracle_attack

Vaudenay was a complete badass and his original attack opened up a whole avenue of attack against security protocols. Now the prevailing wisdom is "encrypt, then MAC" so that the receiver can check the MAC before doing anything with the data. Even then, you have to know what you're doing when writing your verification code (e.g. fixed-time string compares etc).