Question
Input validation is a layer of indirection between what a user enters and what is executed in a program. Why is this a significant concern on the web? What circumstances involving web pages make this a unique platform for entering malicious input? Give at least two examples of vulnerabilities for web applications that result from users entering malicious input into form fields.
What steps can be taken for input validation in cases in which the entry does not meet regular criteria, such as a phone number in which the pattern can be predicted? What is an example of input that does not have a regular pattern? How could this be protected by input validation?
Some web deployments call on precompiled components or libraries, such as NetBeans and C executables. How could these systems be protected from injection by users? Why might this be necessary?
Explanation / Answer
Input Validation:
-------------------
The input given by the user can be validated before it hits the server, so you can reduce the network traffic to the database.
It improves the performance of the application.
Client-side validation can be done using JavaScript, HTML5 and so on.
For example, if the end user enters an invalid email, then the email can be validated before the user submits the form details.
1) <input type="email" pattern="[a-zA-Z0-9]+[a-zA-Z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$" placeholder="abc@xyz.com" required>
The above example does not allow the user to submit the form unless the user enters the email in the correct format.
Since we are validating it on the client side itself, we can reduce the server hits.
2) <input type="tel" name="telphone" placeholder="888 888 8888" pattern="[0-9]{3} [0-9]{3} [0-9]{4}" maxlength="12" title="Ten digits code" required/>
The phone number should be in the specified format; otherwise we cannot submit the form.
If the user submits the data in an incorrect format, then it results in the manipulation of the data or redirection to a blank screen.
So if the input is validated properly, then we can avoid such situations.
The following are the common scenarios where the input is validated:
1) Check whether the input string has a valid length or not.
2) If the string is "required", check that the input field is not left blank.
3) Check whether the input field should allow only numeric values.
4) Make sure the input field is boolean.
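The same rules the answer's HTML5 attributes enforce in the browser (email pattern, phone pattern, length, required, numeric, boolean), applied a second time on the server side in Node.js so that a request which bypasses the form is checked as well. This is an added example, not code from the original answer; the field names and rule table are assumptions for illustration.

```javascript
// Added example (not from the original answer): server-side re-validation of the
// same fields the HTML5 form checks. HTML's pattern attribute implicitly anchors
// the whole value, so the regexes below carry ^ and $ to match that behaviour.
const EMAIL_RE = /^[a-zA-Z0-9]+[a-zA-Z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$/;
const PHONE_RE = /^[0-9]{3} [0-9]{3} [0-9]{4}$/; // "888 888 8888"

// Assumed rule table mirroring the answer's list: length, required, numeric, boolean.
const RULES = {
  email:      { required: true,  maxLength: 254, pattern: EMAIL_RE },
  telphone:   { required: true,  maxLength: 12,  pattern: PHONE_RE },
  age:        { required: false, numeric: true },
  newsletter: { required: true,  boolean: true },
};

// Returns an array of error strings; an empty array means the submission is valid.
function validateForm(fields) {
  const errors = [];
  for (const [name, rule] of Object.entries(RULES)) {
    const raw = fields[name];
    // Reject anything that is not a plain string: query-string parsers can turn
    // "email[]=x" into an array, and String(array) would not be what the pattern
    // was written for.
    if (raw !== undefined && typeof raw !== 'string') {
      errors.push(`${name}: must be a string`);
      continue;
    }
    const value = (raw || '').trim();
    if (value === '') {
      if (rule.required) errors.push(`${name}: required`);
      continue;
    }
    // Length check first, so oversized input is rejected before regex matching.
    if (rule.maxLength && value.length > rule.maxLength) {
      errors.push(`${name}: longer than ${rule.maxLength} characters`);
      continue;
    }
    if (rule.pattern && !rule.pattern.test(value)) errors.push(`${name}: wrong format`);
    if (rule.numeric && !/^[0-9]+$/.test(value)) errors.push(`${name}: digits only`);
    if (rule.boolean && !['true', 'false'].includes(value)) {
      errors.push(`${name}: must be true or false`);
    }
  }
  return errors;
}
```

Run it against a submission that skipped the browser form, for example `validateForm({ email: 'abc@xyzcom', telphone: '8888888888', newsletter: 'yes' })`, and every field the HTML5 attributes would have blocked is reported again here.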