Trust is everything in this day and age. You have to trust
a lot of people, from the guy who gives you directions to your
local plumber. After all, you're not always the authority. However, when
developing applications for the web, you must assume the
role of authority. Otherwise, the user will assume that role, which is a big gamble:
the outcome could be total data integrity, data corruption, or diversion of data. If the
user is the authority, you don't know what the results will be.

We blame a lot of problems on "bad code". However, bad code isn't
necessarily written with malicious intent; good code can go bad through simple
misunderstandings and misuse of technologies. Three basic
steps can be taken to avoid creating bad code. The first step is
ensuring that you can trust your input. The next step is manipulating that input
data carefully. The final step is providing the appropriate people with
secure, reliable access to that data.