298
Secure Development for Mobile Apps
The regular expression is exactly the same, and the result is the same. This ensures
consistent validation results in the client and in the server.
If instead the PHP function below is used,
return filter_var($string, FILTER_SANITIZE_STRING);
the result can be different than what was allowed client side, and can create difficulty
in tracking down bugs.
Client side validation can be bypassed, so the server has to be diligent in protective
filtering. When client side validation is followed, the server should mimic the
validation rule, not enforce a different one. Another way to put this is that properly
validated client side data should pass through server side validation unaltered.
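The following is an added example, not code from the book, illustrating the point above: one allow-list regular expression applied identically on the client and the server, contrasted with a sanitizing filter that rewrites its input. The pattern `NAME_RULE` is an assumption chosen for illustration, and `sanitizeLikeFilterVar` is a stand-in that models the visible behaviour of PHP's `FILTER_SANITIZE_STRING` (tag stripping and quote encoding); it is not PHP's implementation.

```javascript
// Added example (not from the book). The allow-list pattern is an assumption;
// a real application would use whatever rule its requirements define.
const NAME_RULE = /^[A-Za-z][A-Za-z' -]{0,39}$/;

// Client-side check: accept or reject, never modify the value.
function validateClient(value) {
  return NAME_RULE.test(value);
}

// Server-side check using the identical rule. Accepted data is returned
// unchanged; rejected data yields null so the caller can refuse the request.
function validateServer(value) {
  return NAME_RULE.test(value) ? value : null;
}

// Stand-in modelling PHP's FILTER_SANITIZE_STRING (assumption: approximation,
// not PHP's code): strips tags and HTML-encodes single and double quotes.
// Because it transforms rather than validates, its output can differ from
// what the client already accepted, which is the mismatch the text warns about.
function sanitizeLikeFilterVar(value) {
  return value
    .replace(/<[^>]*>?/g, '')
    .replace(/'/g, '&#39;')
    .replace(/"/g, '&#34;');
}

// Run both server-side strategies on one value and report whether the data
// that passed client-side validation survives the server unaltered.
function compare(value) {
  const clientAccepted = validateClient(value);
  const serverValue = validateServer(value);
  const sanitizedValue = sanitizeLikeFilterVar(value);
  return {
    clientAccepted,
    serverValue,
    sanitizedValue,
    unaltered: clientAccepted && serverValue === value && sanitizedValue === value,
  };
}

// Constructed sample inputs.
console.log(compare("Ann Lee"));   // accepted by both; unaltered: true
console.log(compare("O'Brien"));   // accepted by the shared rule, rewritten by the sanitizer
console.log(compare("<b>x</b>"));  // rejected by the shared rule on both sides
```

"O'Brien" is the interesting case: the client and the rule-mirroring server both accept it as-is, while the sanitizing filter returns "O&#39;Brien", so the stored value no longer matches what the user saw validated, exactly the kind of discrepancy that makes bugs hard to track down.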
Data that does not pass successf ...