And it is developers that think like you that enable exploits like
buffer overflows, SQL injection, etc
Sudsy has it 100% right. The server can NEVER trust what the client is
sending it. ALWAYS revalidate EVERYTHING that you receive.
I tried repeatedly to explain but you remain convinced I am advocating
risky behaviour. Far from it. The revalidation system I am suggesting
provides the same security as the traditional one, in theory, and more
security in practice.
1. When you transport numbers in binary, there are no keystrokes to
validate. Not only is it more efficient to avoid revalidating the
keystrokes, it is IMPOSSIBLE to revalidate them. They no longer exist.
All you need to do is validate the equivalent binary value. There is
nothing shoddy about this.
2. The system introduces no new holes for a hacker to exploit. There
is no way to exploit it to sneak in invalid values. If you don't
believe me, see if you can think of a way to do it. If you try, it
should soon become obvious why there is no leak. You are worrying
about imaginary, theoretically impossible, problems. You are doing
the equivalent of writing
if ( a > 2 || a > 2 )
because you are worried the first one might not take.
3. The revalidation required at the server is much simpler than the
validation done on the client. There this thus less chance it will be
coded incorrectly. It is easier to proofread, easier to test. There
is no temptation to skimp on validation to keep the serverside code
small.
4. It provides a proper separation of duty. Clients produce clean
data; servers deal only in clean data, with the final checks necessary
to ensure data truly has been cleaned, not to clean it.
5. Consider that if a hacker creates a record identical to the one you
create with your Applet, that is ok, no matter how he constructs it --
e.g. with a hex editor. You are not trying to block that. You are
merely trying to block any records a hacker would send you that could
not have come from your Applet. If you Applet allowed the keying of a
single field and insisted the value be between 100 and 200, the only
binary records it could produce are binary ints between 100 and 200.
So all you need do serverside is check if the binary int is between
100 and 200. There are no other possible acceptable records, and all
of them in that range are acceptable.