Don’t Trust Your Users Chris Tankersley @dragonmantank [email protected]


Page 1: Don't Trust Your Users

Don’t Trust Your Users

Chris Tankersley
@dragonmantank

[email protected]

Page 2: Don't Trust Your Users

Who are you and why are you in my house?

• Chris Tankersley
• Doing PHP for 10 years
• Lots of projects no one uses, and a few that some do
• TL;DR https://github.com/dragonmantank

NWO-PUG, September 20, 2011

Page 3: Don't Trust Your Users

Everyone Loves a Story

http://northweststate.edu/about-nscc/

Page 4: Don't Trust Your Users

Programming Is Just Acronyms
• DRY – Don’t Repeat Yourself
• KISS – Keep It Simple, Stupid
• IPO – Input, Process, Output

Page 5: Don't Trust Your Users

GIGO – Garbage In, Garbage Out

Page 6: Don't Trust Your Users

Users Are a Nice Big Family

Page 7: Don't Trust Your Users

Some People Want To Watch The World Burn

Page 8: Don't Trust Your Users

We Love Contact Forms

Page 9: Don't Trust Your Users

Client Side Validation

Page 10: Don't Trust Your Users

HTML 5 Validation

Page 11: Don't Trust Your Users

Browsers Suck

http://caniuse.com/#search=required

Page 12: Don't Trust Your Users

Server Side Is Necessary

http://www.flickr.com/photos/pargon/2444943158/sizes/l/

Page 13: Don't Trust Your Users

PHP’s Filter Module

Page 14: Don't Trust Your Users

Some Background
• Enabled by default since 5.2.0
• Provides both validation and sanitization
• Very easy to use when working with data
• Exposed via the 7 basic functions

Page 15: Don't Trust Your Users

Filtering Is Easy And Fun

Page 16: Don't Trust Your Users

Basic Filtering Out Of The Box

Page 17: Don't Trust Your Users

We Can Clean Up Data As Well

Page 18: Don't Trust Your Users

What Sanitizers are Available?

Page 19: Don't Trust Your Users

What Sanitizers are Available?

Page 20: Don't Trust Your Users

Manual Filters

Page 21: Don't Trust Your Users

It Does Big Jobs As Well
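The contact form from the talk, run through the filter extension's validation and sanitization filters in one `filter_var_array()` call. This is an added example, not code from the slides; the request data is constructed to stand in for `$_POST`, and the field names, ranges and phone regex are my own choices. It also shows the two caveats a practitioner hits first: a validation filter only tells you the value is well-formed (a valid URL is not necessarily an `http`/`https` URL), and a sanitizer transforms rather than rejects, so it never reports an error.

```php
<?php
// Added example (not from the slides): the contact form checked with PHP's
// filter extension. $post is constructed to stand in for $_POST.
$post = [
    'name'    => "  Chris <b>Tankersley</b>  ",
    'email'   => 'chris@example',           // no TLD: should fail validation
    'age'     => '17',                      // below the allowed range
    'website' => 'ftp://example.com/pub',   // well-formed, but not a scheme we accept
    'message' => "Hi & <script>alert(1)</script>",
    // 'phone' is deliberately absent to show how a missing field is reported
];

// One definition per field: a filter id, optionally with flags and options.
// Validation filters yield false on failure and null for an absent key;
// sanitization filters always yield a (transformed) value.
$definition = [
    'name'    => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 18, 'max_range' => 120]],
    'website' => FILTER_VALIDATE_URL,
    'message' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
    'phone'   => ['filter'  => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/^\+?[0-9][0-9 -]{5,18}[0-9]$/']],
];

// Collect one error per field: false means invalid, null means not submitted.
function collectErrors(array $filtered): array
{
    $errors = [];
    foreach ($filtered as $field => $value) {
        if ($value === false) {
            $errors[$field] = 'invalid';
        } elseif ($value === null) {
            $errors[$field] = 'missing';
        }
    }
    return $errors;
}

// FILTER_VALIDATE_URL checks structure only; which schemes the application
// accepts is a separate decision, so allow-list them explicitly.
function isAllowedWebsite(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return in_array(strtolower((string) $scheme), ['http', 'https'], true);
}

$clean  = filter_var_array($post, $definition);
$errors = collectErrors($clean);

if (is_string($clean['website']) && !isAllowedWebsite($clean['website'])) {
    $errors['website'] = 'scheme not allowed';
}

// Sanitizers never fail, so whitespace trimming and length limits are still
// on you; do them after filtering, before the value goes anywhere.
$clean['name'] = trim((string) $clean['name']);

if ($errors !== []) {
    foreach ($errors as $field => $reason) {
        printf("%s: %s\n", $field, $reason);
    }
    exit(1);
}
printf("name=%s message=%s\n", $clean['name'], $clean['message']);
```

With the constructed input the script prints `email: invalid`, `age: invalid`, `website: scheme not allowed` and `phone: missing` and exits. Note that `FILTER_SANITIZE_FULL_SPECIAL_CHARS` HTML-encodes the value: that is output escaping done at input time, which is fine for a value that only goes to an HTML page, but if the same value is stored and escaped again on output it will be double-encoded. Validate on input; escape for the context you output into.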

Page 22: Don't Trust Your Users

Aura.Filter

Page 23: Don't Trust Your Users

Easy To Use

Page 24: Don't Trust Your Users

Rule Types
• Soft Rules – Doesn’t stop the validation chain
• Hard Rules – Stops the validation chain for this element
• Stop Rules – Stops all validation

Page 25: Don't Trust Your Users

Validation and Sanitization
• RuleCollection::IS – Must match the rule
• RuleCollection::IS_NOT – Must not match
• RuleCollection::IS_BLANK_OR – Must be blank or match
• RuleCollection::FIX – Sanitize the data
• RuleCollection::FIX_IS_BLANK_OR – Fix if not blank

Page 26: Don't Trust Your Users

Bundled Rules
• Alnum
• Alpha
• Between
• Blank
• Bool
• Credit Card
• DateTime
• Email
• Equal To Field
• Equal To Value
• Float
• In Array Keys
• In Array Values
• Int
• ipv4
• Locale
• Max
• Min
• Regex
• Strict Equals
• String (length, min, max)
• Trim
• Upload
• Url

Page 27: Don't Trust Your Users

Custom Rules
• Extend Aura\Filter\AbstractRule
• Implement validate() and sanitize()
• Add to the Rule Locator
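The three custom-rule steps above, together with the soft/hard/stop rule types and the IS/FIX modes from the earlier slides, combined into one contact-form filter. This is an added example, not code from the slides or from the Aura project. Class and method names (`AbstractRule`, `getValue()`/`setValue()`, `addSoftRule()`/`addHardRule()`/`addStopRule()`, `getRuleLocator()`, `values()`, `getMessages()`, the `scripts/instance.php` factory) follow the Aura.Filter 1.x API as I recall it and should be treated as assumptions to check against the version you install; the `PhoneNumber` rule, its regex and the request data are constructed for the example.

```php
<?php
// Added example, not from the slides or the Aura project. Method and class
// names follow the Aura.Filter 1.x API as I recall it; treat them as
// assumptions and check them against the installed version.
require 'vendor/autoload.php'; // assumed: Aura.Filter installed via Composer

use Aura\Filter\AbstractRule;
use Aura\Filter\RuleCollection;

// Step 1: extend AbstractRule and implement validate() and sanitize().
class PhoneNumber extends AbstractRule
{
    // Message key reported by getMessages() when the rule fails (assumed property name).
    protected $message = 'FILTER_RULE_FAILURE_IS_PHONE_NUMBER';

    // Accept an optional '+', then 7 to 20 characters of digits, spaces or dashes.
    public function validate()
    {
        return (bool) preg_match('/^\+?[0-9][0-9 -]{5,18}[0-9]$/', (string) $this->getValue());
    }

    // Sanitizing keeps only what validate() accepts and rewrites the value in place;
    // returning validate() means FIX still reports a failure for hopeless input.
    public function sanitize()
    {
        $digits = preg_replace('/[^0-9+]/', '', (string) $this->getValue());
        $this->setValue($digits);
        return $this->validate();
    }
}

// Step 2: add the rule to the Rule Locator under a short name.
$filter = require 'vendor/aura/filter/scripts/instance.php'; // assumed factory script
$filter->getRuleLocator()->set('phoneNumber', function () {
    return new PhoneNumber;
});

// Step 3: compose the chain. Rule names are the bundled rules from the slides
// (trim, alpha, email, url, string length/min); 'strlenMin' is assumed.
$filter->addSoftRule('name',    RuleCollection::FIX, 'trim');          // sanitize; chain continues
$filter->addHardRule('name',    RuleCollection::IS,  'strlenMin', 2);  // on failure, skip the rest of 'name'
$filter->addSoftRule('name',    RuleCollection::IS,  'alpha');
$filter->addStopRule('email',   RuleCollection::IS,  'email');         // on failure, stop all validation
$filter->addSoftRule('phone',   RuleCollection::FIX_IS_BLANK_OR, 'phoneNumber'); // optional, sanitized
$filter->addSoftRule('website', RuleCollection::IS_BLANK_OR,     'url');         // optional, validated only

// Constructed request data. values() sanitizes in place and returns true only
// when every rule passed.
$data = (object) [
    'name'    => ' Chris ',
    'email'   => 'chris@example.com',
    'phone'   => '(419) 555-0100',   // fails IS, but FIX strips the punctuation first
    'website' => '',
];

if (! $filter->values($data)) {
    // getMessages() is keyed by field; each entry lists the failed rules' messages.
    foreach ($filter->getMessages() as $field => $messages) {
        printf("%s: %s\n", $field, implode(', ', $messages));
    }
    exit(1);
}
printf("name=%s phone=%s\n", $data->name, $data->phone); // 'Chris' and '4195550100'
```

The ordering matters: the `FIX trim` soft rule runs before the `strlenMin` hard rule, so a name of only whitespace is rejected by length rather than slipping through, and the hard rule keeps the later `alpha` check from piling a second message onto the same field. The stop rule on `email` is for the case where nothing else is worth checking if the one field you need to reply to is unusable.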

Page 28: Don't Trust Your Users

Use Your Framework’s

Page 29: Don't Trust Your Users

Zend\Validator

Page 30: Don't Trust Your Users
Page 31: Don't Trust Your Users
Page 32: Don't Trust Your Users

Symfony2 Validator

Page 33: Don't Trust Your Users

Symfony2 Forms

Page 34: Don't Trust Your Users

Always Look First

Page 35: Don't Trust Your Users

One Final Note

Page 36: Don't Trust Your Users

Validation is Hard

Page 37: Don't Trust Your Users

Questions?

Page 38: Don't Trust Your Users

Thank You!
• Please rate on Joind.in - https://joind.in/10524
• @dragonmantank
• [email protected]