Can data types other than strings be potentially dangerous if they are obtained from external sources?

It is well known that you cannot trust user inputs. These inputs can even be a security issue if they are used without filtering. XSS and SQL injections are possible problems that arise when using unfiltered user input (or input that can be modified by the user).

To avoid such problems, you must control all the lines that external resources may affect. Perl supports this with "taint-mode".

The problems that I know about are related to manipulated strings. Do you know examples of security issues coming from ints, floats, etc., driven by external influences? Or can these data types be safe?

+3
4 answers

Ultimately, all values are passed as strings to your program, regardless of whether you ultimately convert them or not. Everything should be considered as potentially dangerous, and not just for this reason.

, , . , , . , , , , , - . , , . , ASP.NET, , , , , .

, , , , , .

+4

, , . () , , , , , , . , , , .

+1

, - .

, - (SQL ). , .

, , - , , - " ".

+1

, trust boundary.

, . , , , .

, -

Microsoft (SDL) Blog, ( ) Threat , " PlaySound" , , .

+1

Source: https://habr.com/ru/post/1705573/

