code sanitization question
Is it safe to leave data submitted by admin users unsanitized, and on开发者_开发问答ly sanitize the data submitted by non-admin users?
You should sanitise all input, trusting your admin users is a naive approach.
If you decide to sanitize user data, it should be done for all users, including admin user inputs.
Being an Admin user doesn't mean that the data that they input is always safe.
It's probably not a good idea to not sanitize admin input, unless some part of the sanitizing process will prevent the admin from doing what she needs to do. You have to consider two things:
- Is the admin trustworthy? (I should hope so)
- Is there any risk that someone could become admin without my knowledge/permission? (this is more likely -- someone could crack the admin password or use an exploit to elevate their permissions).
In short, yes, you should sanitize everything -- unless it's such a hindrance on the admin that you're willing to compromise security. Whether you sanitize the admin input or not, make sure admin has a very secure password stored very securely.
Think about it in wider perspective: If your system at all contains an "admin" account, this means that you have there some special operations that a "normal user" would never see, maybe even some critical, strategic or just dangerous to data/stability/usability of the system.
Admins are humans. Humans make errors. Unnoticed error in critical/strategic/dangerous operation means a catastrophe.
You should sanitize the admin's input even more than a normal user's, because it is the 'admin' who most easily can accidentially trash your system.
Of course, being paranoid with admin input makes little sense if your whole admin-panel is just a textfield that accepts raw SQL queries to execute :)
精彩评论