What does "sanitize" data mean?

Viewed 3,434 times

20

I’m making a form, and I’m doing the validation part...

I see the term sanitize or sanitizar a lot; what does it mean?

I’ve even seen some functions in PHP that carry this term in their parameters.

  • I’ve heard the term "sanitization" too.

  • The correct one would be to "sanitize" or "sanitize". To use "sanitize" is not even an anglicism; it is even a spelling error.

  • 1

    Do you have any reference to your statement or is it just an opinion? @epx

  • 1

    I’ve heard the term sanctify

  • There’s some data that seems "satanized" .... Excuse the joke ...

3 answers

19


Delete text snippets in a data entry that have metadata characteristics, and that may cause some security problem.

For example: in HTML the < > & characters are part of the markup. If a data string contains these characters, it will cause problems because the browser will interpret it as HTML. When uploading to the browser, such characters should be rewritten as &lt; &gt; &amp; respectively. (Incidentally, I had to do this here while writing my answer, otherwise the substitute symbols would not appear correctly!)

It is very common to have to take certain HTML code, and mainly JavaScript, out of what can be published on some page of the system, because such a script can compromise the user experience, modify information or even create facilities to infect it.

Or you can clean data that will serve as a directory or file name, so that it does not access what it should not.

Another cleaning that can be useful is to eliminate snippets of SQL that can be injected into the query and do damage. In SQL, single and double quotes delimit strings, so data with these characters that has not been sanitized can disarrange the SQL commands. In general there is a better technique to prevent this from happening.

It is possible to make some specific adjustments, only allowing certain well-formed data to be accepted: an email for example, or just numbers, etc. There is a page with some of these possible filters in PHP, and a page with information on the subject.
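The four cases from the answer above (well-formed data, file names, SQL, HTML output) in one PHP script. This is an added example, not code from the answer or from any project; the field names, table name and sample values are constructed, it assumes the `pdo_sqlite` extension for an in-memory database, and it uses bound parameters as one technique for the SQL case, which is an assumption about which technique the answer had in mind.

```php
<?php
declare(strict_types=1);

// Constructed form input: each value is hostile or malformed for one context.
$input = [
    'name'   => "O'Brien <script>alert(1)</script>",
    'email'  => 'alice@example.com',
    'age'    => '42abc',
    'avatar' => '../../etc/passwd',
];

// 1. Well-formed data: filter_var() returns the value, or false when it
//    does not match the requested format.
$email = filter_var($input['email'], FILTER_VALIDATE_EMAIL);
$age   = filter_var($input['age'], FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0, 'max_range' => 150]]);

// 2. File names: keep only the last path component, then allow-list the
//    characters and extension instead of trying to delete "bad" ones.
$file   = basename($input['avatar']);
$fileOk = preg_match('/\A[A-Za-z0-9_-]+\.(png|jpg)\z/', $file) === 1;

// 3. SQL: bind the value as a parameter. The quote in the name is then
//    plain data and never becomes part of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $input['name']]);
$stored = (string) $db->query('SELECT name FROM users')->fetchColumn();

// 4. HTML: escape when writing to the page, so < > & and quotes are
//    rendered as text rather than interpreted as markup.
$html = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Show what each step decided for the constructed input.
var_dump($email, $age, $file, $fileOk);
echo $html, PHP_EOL;
```

Each treatment is tied to the place the data is used: the name is stored unchanged and only escaped when it is written into HTML.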

3

From W3Schools:

Sanitize Data = Remove any illegal characters from the data.

Self-explanatory; it serves to normalize data so you can work with it later.

-2

Sanitizing has the same purpose: eliminating or summarizing information and images that give excessive or very complex information. In the military environment, a sanitized file is usually a file that has the engraving of texts, cutting of images, and whitening of text and equations which, if not eliminated, would give sensitive information that would affect the security of the person, organization and/or nation. It is quite common for sanitization to occur in files that have come out of secret, top secret or classified status and become "declassified", but without unlimited access for the public; often a declassified file is available only to government organizations and contractors.

The term civil is more in the middle of the area that affects the acronym business, personal and organizational, but with no relation to military/governmental organs.

  • 2

    Here we speak strictly about IT. Other contexts go beyond our scope.
