黑名单与白名单在形式的输入过滤和验证 [英] blacklisting vs whitelisting in form's input filtering and validation

问题描述

这是在消毒来自用户输入的首选方法？

which is the preferred approach in sanitizing inputs coming from the user?

谢谢！

推荐答案

最好的方法是使用存储过程或参数化查询。白名单是一个额外的技术，可以防止任何注射到达服务器之前，但不应该被用作您的主要防御。黑色上市通常是一个坏主意，因为它通常是不可能过滤掉所有恶意输入。

The best approach is to either use stored procedures or parameterized queries. White listing is an additional technique that is ok to prevent any injections before they reach the server, but should not be used as your primary defense. Black listing is usually a bad idea because it's usually impossible to filter out all malicious inputs.

顺便说一句，这个答案正在考虑你的意思是消毒为防止SQL注入攻击。

BTW, this answer is considering you mean sanitizing as in preventing sql injection.

这篇关于黑名单与白名单在形式的输入过滤和验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！