August 2024
Beginner to intermediate
488 pages
11h 1m
Korean
Content preview from 실무로 통하는 클린 코드
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
450
실무로 통하는 클린 코드
25.1
입력값 검열하기
문제
사용자 입력을 검열하지 않은 코드가 있습니다.
해결
통제할 수 없는 모든 것을 검열하세요.
노트
입력 검열
입력 검열
input
sanitization
은 사용자의 입력을 처리하기 전에 입력이 안전하고 형식을 준수하는지 확인하기 위해
유효성을 검사하고 정리하는 작업입니다. 악의적인 사용자가 실행할 수 있는
SQL
삽입, 사이트 간 스크립팅
(
XSS
), 기타 공격과 같은 다양한 보안 취약점을 방지할 수 있습니다.
설명
악의적인 사용자는 항상 존재합니다. 따라서 사용자의 입력에 매우 주의를 기울여야 하
며, 입력 필터링 기술을 사용하고 검열해야 합니다. 외부 자원에서 입력을 받을 때마다 그 유효
성을 검사하고 잠재적으로 유해한 입력이 있는지 확인해야 합니다.
SQL
삽입은 대표적인 위협
입니다. 입력에 어서션과 불변성을 추가할 수도 있습니다 (
13
.
2
절 ‘전제 조건 적용하기’ 참조 ).
노트
SQL
삽입
SQL 삽입
SQL
injection
은 공격자가 데이터베이스와 통신하는 프로그램에 악성
SQL
코드를 삽입하는 것입니다. 공
격자는 텍스트 상자나 양식과 같은 입력 필드에
SQL
코드를 입력합니다. 그러면 애플리케이션이 해당 코드를
실행해 데이터에 접근하거나 수정하고, 민감한 정보를 검색하거나, 심지어 시스템을
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.