BeaconServers / Beacon-Backend


User Input Sanitization #9

Open billyb2 opened 3 years ago

billyb2 commented 3 years ago

This will be an ongoing issue, but it should be out here as a reminder. Both the front and backend need to validate and sanitize user input, whether that means making sure emails look valid, passwords are above 8 characters, slurs aren't allowed in usernames, SQL queries are sanitized, etc.

Susorodni commented 3 years ago

How am I supposed to "sanitize" queries?

billyb2 commented 3 years ago

Nah, sanitizing queries is a backend thing, but for the front end, stuff like limiting username and password lengths, not allowing racial slurs, etc. @Susorodni

billyb2 commented 3 years ago

I'd sanitize queries to prevent SQL injection from occurring.

https://www.w3schools.com/sql/sql_injection.asp

billyb2 commented 3 years ago

@Susorodni it'd be great if you made sure that only alphanumeric characters were allowed to be sent by the frontend. Maybe that and all these special characters: +_-!#@

This would prevent a lot of easily preventable attacks. Also filtering out words like admin, root, etc. Most newbie hackers or people trying to pretend to be an admin would be stopped by that. I would do the same filtering on the backend, to prevent people manually sending requests (like with Insomnia).

As an example, for the register form, only allow a certain set of characters, to prevent SQL injection.
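The two defenses discussed in this thread, the character allowlist for the register form and the "sanitized" query on the backend, are shown side by side below as an added example. It is not code from the Beacon-Backend repository; the project's language, schema and table names are not known, so the SQLite table, the `alice`/`bob` rows and the allowed-character set (alphanumerics plus `+_-!#@`, as suggested above) are all constructed here. The point the example makes is that input filtering is useful defense in depth, but the thing that actually stops SQL injection on the backend is binding user input as a query parameter instead of concatenating it into the SQL string: the vulnerable lookup returns every row for the input `x' OR '1'='1`, while the parameterized lookup returns none.

```python
import re
import sqlite3

# Constructed policy mirroring the thread: alphanumerics plus + _ - ! # @,
# 3 to 32 characters. Quotes, spaces and semicolons are rejected outright.
USERNAME_RE = re.compile(r"^[A-Za-z0-9+_\-!#@]{3,32}$")

# Assumed block list of names that should never be registerable.
RESERVED_NAMES = {"admin", "administrator", "root"}


def validate_username(name: str) -> bool:
    """Allowlist check for the register form (run on frontend AND backend)."""
    if USERNAME_RE.fullmatch(name) is None:
        return False
    return name.lower() not in RESERVED_NAMES


def validate_password(password: str) -> bool:
    """Length policy from the issue: at least 8 characters; cap to limit abuse."""
    return 8 <= len(password) <= 128


def make_db() -> sqlite3.Connection:
    """In-memory SQLite with two constructed rows; the hashes are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "fake-hash-1"), ("bob", "fake-hash-2")],
    )
    conn.commit()
    return conn


def count_users_vulnerable(conn: sqlite3.Connection, username: str) -> int:
    """VULNERABLE: user input pasted straight into the SQL text.

    With username = "x' OR '1'='1" the statement becomes
      SELECT COUNT(*) FROM users WHERE username = 'x' OR '1'='1'
    and matches every row.
    """
    sql = f"SELECT COUNT(*) FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()[0]


def count_users_parameterized(conn: sqlite3.Connection, username: str) -> int:
    """HARDENED: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()[0]


def register(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Backend register handler: validate first, then use a bound insert."""
    if not validate_username(username):
        return False
    conn.execute(
        "INSERT INTO users VALUES (?, ?)", (username, password_hash)
    )
    conn.commit()
    return True


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("allowlist accepts payload?", validate_username(payload))
    print("vulnerable count:", count_users_vulnerable(db, payload))
    print("parameterized count:", count_users_parameterized(db, payload))
```

The allowlist rejects the payload before it reaches the database, which is the frontend/backend filtering the thread asks for; the parameterized query is what keeps a payload harmless if some other code path (an API client like Insomnia, a later field that allows more characters) gets past the filter.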