Security: Sanitise Text Input Before Hashing for a More Secure Application

Hashing can be a resource-intensive process for many programming languages. If your application has a text input interface that doesn't limit the number of characters, it can be exploited by attackers who supply excessively large inputs. This can potentially slow down your application or, in the worst-case scenario, cripple it entirely—an attack known as a Denial of Service (DoS).

To protect your application, always validate and sanitise text input by checking its length before hashing. This simple measure can significantly enhance the security and stability of your application.

Disclosure: This entry is based on a collection of my personal notes, and some of the information may be outdated or no longer relevant. If you notice any inaccuracies, please let me know in the comments. I appreciate your feedback and will correct the entry as needed. :)

Comments

Post a Comment

Popular posts from this blog

Words: You Aren't Gonna Need It (YAGNI)

Another daily muse. It’s not surprising that our technical team continues to discover unused functions within a particular feature library. Although the names of these functions may sound promising, the logic inside is often outdated, as they haven’t been refactored to align with the current context of the feature. Some of these functions were written ages ago. This is where I need to borrow a concept from my university days, when my mates and I often applied Extreme Programming (XP) principles in our software projects. The core idea: Don’t add functionality until it’s actually needed. This is essentially the You Aren't Gonna Need It (YAGNI) philosophy. To quote Ron Jeffries, a co-founder of XP, as taken from Wikipedia: "Always implement things when you actually need them, never when you just foresee that you [will] need them."
Read more

Words: Domain-Driven Development

Today, I stumbled upon a simple read on Reddit that serves as a reminder for both new and seasoned programmers about the importance of Domain-Driven Development (DDD). The post shared this article by Google: Write Change-Resilient Code with Domain-Driven Design . While it just touches on DDD, it's good enough to raise awareness. In case DDD is new to you, here’s a brief description from Wikipedia: Domain-Driven Development is a major software design approach that focuses on modeling software to match a domain based on input from that domain’s experts. DDD opposes the idea of having a single, unified model. Instead, it divides a large system into bounded contexts, each with its own model. For a more in-depth exploration of DDD, here are some useful articles: DDD 101: The 5-Minute Tour Domain-Driven Design (DDD) From my perspective, the DDD concept allows for simpler collaboration between technical teams and domain experts through the use of a consistent language. It also reduces th...
Read more

Words: Chaos Engineering

"Chaos Engineering" is a rather cool IT discipline, but I haven't had the privilege of implementing it—perhaps because the systems I work with are never complex enough to require such a high degree of redundancy. Essentially, chaos engineering involves testing a system by introducing controlled faults or failures to identify its weaknesses and ensure it can handle unexpected disruptions. Examples of Chaos Engineering : Killing servers or nodes in a High Availability configuration to see if the service continues to run as expected. Introducing latency between servers/nodes (in a microservices environment) to observe how the system handles slow communication. Why It’s Important : Proactive Resilience : It helps you uncover weaknesses before they escalate into actual incidents, enabling teams to build more resilient systems. Improved Incident Response : By simulating real-world failures, teams gain valuable experience in handling outages, making them better equipped to resp...
Read more