Input Validation - אליק לוין

אליק לוין

The World of a Microsoft Consultant

How To Hack WCF - New Technology, Old Hacking Tricks
First of all, I'd like to thank Guy for his excellent screencast - very convenient, so thanks. Specifically, I liked the introductory screencast for WCF, which can be found here: http://blogs.microsoft.co.il/blogs/bursteg/pages/WCF-Introduction-Demo-_2800_ScreenCast_2900_.aspx It is dubbed in Hebrew, but the screens flip in such a logical way that one who does not understand Hebrew will be fine - go for it - recommended a lot for WCF newbies like me. My interest was to understand the pipeline that the...
App Architecture with Security in mind - Video, Part II
In my previous post [part I] I showed why it is important to do server-side input validation and how easy it is to bypass any client-side input validation in web service invocation scenarios. Actually, anything that uses HTTP is pretty easy to intercept and change on the client - classic Web UI, Web Service, and AJAX. One can use HTTP debugging/proxy tools like Fiddler. I show this demo to folks and sometimes I hear "Hey it is not relevant to us - we are using Remoting over TCP channel...
App Architecture with Security in mind - Video, Part I
Some time ago I was reviewing a high-level arch spec for a really big project. In one place it stated "Input validation checks will be done on the client side for perf reason. Since client part will do the security checks the server part will not perform input validation since it is redundant and may hurt the performance". Huh?.... Watch the video to see what happens when the input is validated on the client only. Double-click it to see it in full-screen mode. This time it is a WinForms client talking...