开发者

What is the best way to go about whitelisting?

开发者 https://www.devze.com 2023-03-18 23:23 出处:网络
Essentially, exactly what the title states. I\'ve never whitelisted before and don\'t know where to 开发者_StackOverflowstart. Do I need a gem? Help PleaseWhitelisting is a basic programming notion re

Essentially, exactly what the title states. I've never whitelisted before and don't know where to 开发者_StackOverflowstart. Do I need a gem? Help Please


Whitelisting is a basic programming notion regarding how input to a program is regarded as valid & good or bad.

Whitelist: checks against input looking for valid conditions and proceeding if all good; aborts action by default unless all is well.

Blacklist: checks against input looking for bad input and rejecting if so; aborting the action with an error if so, otherwise proceeding with action.

The realm of possible bad inputs is infinite, the realm of possible good inputs is finite therefore:

Whitelists check input like this

if %w(some valid input).include?(params[:input])
  # proceed with action
else
  # not in whitelist, throw error
end

Blacklists: (Dont do this)

if %(some invalid input).include?(params[:input])
  # throw error, detected invalid
else
  # proceed with action
end

Always apply a whitelist logic where possible above blacklist.

0

精彩评论

暂无评论...
验证码 换一张
取 消