Backend Data Validations and Why You Need Them
You never know how someone might manipulate your front end code
It’s no secret that the list of 100 largest companies in the world by market value features many tech companies. In particular, it features software companies.
Apple, Microsoft, Amazon, Alphabet, Facebook, and Alibaba occupy six of the top seven positions, proving beyond any reasonable doubt that software rules the world. But if software is omnipresent today, so are software bugs.
In this piece, we’ll discuss one of the most common mistakes that can lead to catastrophic results: validating user input only in the front end. We’ll see how such a mistake manifests in your code and learn a simple approach to avoid it.
Never Trust Your User
“Never trust your user” is one of those clichés you’ve probably heard if you’ve been writing software for more than a few months. In other words: Never trust any information submitted by a user. Whoever first said this was absolutely right!
What happens in the user’s browser when it runs the front end code you’ve developed is beyond your control. Essentially, the browser is a black box that, at some point after the user has interacted with your code, might send you back a certain piece of data. How can you be sure that this data was generated by the execution of your trusted code? Well, you can’t. The user can edit your JavaScript in the browser’s developer tools, replay and modify a request from an intercepting proxy, or skip the browser altogether and craft the HTTP request by hand.
Let’s take a look at an example. You’ll see first-hand why trusting user data is a bad idea.
A Malicious Data Submission
Let’s imagine a banking application that allows users to transfer funds from one account to another:

When the user clicks on the Transfer button in the above scenario, your front end data validation code kicks in. It checks that there are enough funds in your account to allow you to proceed with the transfer and notifies you with an error message if not:
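To make the two halves of this scenario concrete, here is an added example that is not code from the original article. It models both the front end check described above (the one that runs in the browser and that the user fully controls, as discussed under “Never Trust Your User”) and the backend check that has to run regardless of what the browser sends. The account IDs, balances, the `session` object and the request bodies are all constructed sample data; the `ledger` Map stands in for the database so the example runs offline.

```javascript
// Added example, not code from the original article. Models both halves of a
// funds transfer: the validation that runs in the browser and the one that must
// run on the server. Account IDs and balances are constructed sample data.

// Authoritative balances. On a real system this is the database; here it is a
// Map so the example runs offline.
function makeLedger() {
  return new Map([
    ["ACC-1001", 150.0], // the logged-in user's account
    ["ACC-2002", 20.0],  // the intended recipient
    ["ACC-3003", 500.0], // an unrelated customer
  ]);
}

// Front end check, as in the article: compares the amount against the balance
// shown on the page. The attacker controls this code path entirely, so it can
// be edited in DevTools or skipped by sending the HTTP request directly.
function frontEndValidate(displayedBalance, amount) {
  if (!(amount > 0)) return { ok: false, error: "Amount must be positive" };
  if (amount > displayedBalance) return { ok: false, error: "Insufficient funds" };
  return { ok: true };
}

// Backend handler. Every fact it acts on comes from server-side state or the
// authenticated session, never from the request body alone.
function handleTransfer(ledger, session, body) {
  // The source account comes from the session. If body.from were honoured, a
  // user could move money out of someone else's account.
  const from = session.accountId;
  const to = String(body.to ?? "");
  const amount = Number(body.amount);

  // Parse strictly: "100abc", "", null and Infinity all fail this check.
  // The sign check matters too: a negative amount would reverse the transfer.
  if (!Number.isFinite(amount) || amount <= 0) return { status: 400, error: "invalid amount" };
  if (!ledger.has(to) || to === from) return { status: 400, error: "invalid recipient" };

  // Re-check funds against the ledger. Any "balance" field the client sends
  // is simply never read.
  const balance = ledger.get(from);
  if (amount > balance) return { status: 403, error: "insufficient funds" };

  ledger.set(from, balance - amount);
  ledger.set(to, ledger.get(to) + amount);
  return { status: 200, newBalance: ledger.get(from) };
}

// Runs the scenario end to end and returns every outcome so it can be checked.
function runScenario() {
  const ledger = makeLedger();
  const session = { accountId: "ACC-1001" }; // established at login, not sent by the client
  const out = {};

  // 1. Honest user: the front end stops an over-budget transfer before any request.
  out.uiRejected = frontEndValidate(150.0, 5000);

  // 2. Attacker skips the UI and POSTs a crafted body. Note the forged fields:
  //    "balance" and "from" are both attacker-supplied and both ignored.
  out.forgedBalance = handleTransfer(ledger, session, {
    to: "ACC-2002", amount: 5000, balance: 999999, from: "ACC-3003",
  });

  // 3. Negative amount: would pull money from the recipient if unchecked.
  out.negative = handleTransfer(ledger, session, { to: "ACC-2002", amount: -100 });

  // 4. Non-numeric amount straight from a tampered form field.
  out.garbage = handleTransfer(ledger, session, { to: "ACC-2002", amount: "100abc" });

  // 5. A legitimate transfer still goes through.
  out.legit = handleTransfer(ledger, session, { to: "ACC-2002", amount: 50 });

  out.finalLedger = Object.fromEntries(ledger);
  return out;
}

console.log(JSON.stringify(runScenario(), null, 2));
```

The point to take from the example is not the particular checks but where they live: `frontEndValidate` exists for usability, while `handleTransfer` repeats the same decision using only the session and the ledger, so nothing the browser sends (a forged `balance`, a forged `from`, a negative or malformed `amount`) can change the outcome.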