I am developing an application, and have URLs in the format www.example.com/some_url/some_parameter/some_keyword. I know by design that there is a maximum length that these URLs will have (and still be valid). Should I validate the URL length with every request in order to protect against buffer overflow/injection attacks? I believe this is an obvious yes but I’m not a security expert so perhaps I am missing something.
If you are not expecting that input, reject it.
You should always validate your inputs, and certainly discard anything outside of the expected range. If you already know that your URLs honestly won’t be beyond a certain length then rejecting it before it gets to the application seems wise.
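One way to apply the advice above to the three-segment URL shape from the question, as an added example that is not part of the original thread. The 128-character limit, the allowed character set, the use of WSGI, and the names `check_url` and `UrlGate` are all assumptions made for illustration.

```python
import re

# Assumed limits for /some_url/some_parameter/some_keyword; set them from the real design.
MAX_URL_LEN = 128
SEGMENT_RE = re.compile(r"[A-Za-z0-9_-]{1,40}")


def check_url(path, query=""):
    """Return None if the URL is acceptable, else the HTTP status line to send."""
    # Cheap length check first, so oversized input is dropped before any parsing.
    total_len = len(path) + (len(query) + 1 if query else 0)
    if total_len > MAX_URL_LEN:
        return "414 URI Too Long"
    # Exactly three segments after the leading slash; a trailing slash or an
    # empty segment changes the count and is treated as an unknown route.
    segments = path.split("/")[1:]
    if len(segments) != 3:
        return "404 Not Found"
    # Allowlist each segment. WSGI servers percent-decode PATH_INFO, so this
    # sees the decoded characters the application would otherwise receive.
    if not all(SEGMENT_RE.fullmatch(s) for s in segments):
        return "400 Bad Request"
    return None


class UrlGate:
    """WSGI middleware that rejects unexpected URLs before the app sees them."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status = check_url(environ.get("PATH_INFO", ""),
                           environ.get("QUERY_STRING", ""))
        if status is not None:
            body = status.encode("ascii")
            start_response(status, [("Content-Type", "text/plain"),
                                    ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

The length check is one layer only: the allowlist on each segment is what keeps unexpected characters away from the application, and any database or shell call behind it still needs parameterised handling.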