Do not trust the client

15 January 2014

Whenever you receive input, always, always, always validate it, no matter whether the client is another server, a browser or someone else entirely. Check that required values are present, check that inputs seem plausible before using them, and do your best to make sure the input you accept doesn’t hurt or mess up your system. It’s not rocket science to do so; it’s just good practice to make sure you’re not getting garbage in.
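The checks above, sketched as an added example (not code from the original post) for a hypothetical sign-up endpoint. The field names, size limit, age range and country list are assumptions made for illustration.

```python
import json
import re

MAX_BODY_BYTES = 4096                          # refuse oversized bodies before parsing
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")   # allowlist, applied with fullmatch()
REQUIRED = {"username": str, "age": int, "country": str}  # hypothetical fields
COUNTRIES = {"DK", "SE", "NO"}                 # constructed allowlist for the example


class InvalidInput(ValueError):
    """Raised for any request body the server refuses to process."""


def validate_signup(body: bytes) -> dict:
    """Return a cleaned dict or raise InvalidInput; the sender is never trusted."""
    if len(body) > MAX_BODY_BYTES:
        raise InvalidInput("body too large")
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise InvalidInput("body is not valid UTF-8 JSON") from exc
    if not isinstance(data, dict):
        raise InvalidInput("body must be a JSON object")

    # 1. Required values are present, and no unexpected fields ride along.
    missing = REQUIRED.keys() - data.keys()
    extra = data.keys() - REQUIRED.keys()
    if missing or extra:
        raise InvalidInput(f"missing={sorted(missing)} unexpected={sorted(extra)}")

    # 2. Types are exact; bool is a subclass of int in Python, so isinstance
    #    would let `true` through as an age.
    for field, expected in REQUIRED.items():
        if type(data[field]) is not expected:
            raise InvalidInput(f"{field} must be {expected.__name__}")

    # 3. Values are plausible for this application. fullmatch() rejects a
    #    trailing newline that `$` with match() would accept.
    if not USERNAME_RE.fullmatch(data["username"]):
        raise InvalidInput("username has invalid characters or length")
    if not 13 <= data["age"] <= 120:
        raise InvalidInput("age out of range")
    if data["country"] not in COUNTRIES:
        raise InvalidInput("unknown country")

    # Hand on only the fields that were checked.
    return {field: data[field] for field in REQUIRED}
```

Everything downstream works from the returned dict rather than the raw body, so nothing unvalidated reaches the rest of the system.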