Tuesday, February 5, 2013

Sanitize Your Inputs

In the tech world, especially when writing software, there is a philosophy known as GIGO, or Garbage In, Garbage Out. In short, what this means is that no matter how well-written the code, if you have junk input, you will most likely get junk output. But even worse than junk output is when this bad input causes the program to misbehave.

This is actually the attack vector for a lot of security vulnerabilities. Attackers go after websites using methods like SQL injection, code injection, or cross-site scripting (XSS). For desktop applications or embedded software (the software that runs devices like your corporate desk phone or your Blu-ray player), the vector is usually a buffer overrun or underrun: input that is longer (or shorter) than the memory set aside for it, so the program reads or writes past the ends of the buffer.

The biggest tool in the IT security toolbox for preventing these types of attacks is a philosophy known as sanitizing your input: validate every piece of input before you use it, and make anything you have to pass along harmless first.

Perhaps if they'd learned about parameterized queries...

Basically, your program should never trust the user to enter valid data, and everything should be checked. If it's a field expecting a numeric value, ensure that they actually entered a number. If you're writing to a buffer, check the length of the input against the length of the memory buffer before writing it to memory. If you're executing SQL statements from a web page, use properly parameterized queries so that the user's input is handed to the database as data and is never interpreted as part of the SQL statement itself.
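Here is a small worked example of those three checks, added to this post as an illustration rather than taken from it. It uses Python's built-in sqlite3 module with a constructed in-memory database; the table, the sample rows, and the 32-character name limit are all assumptions made for the example. The "unsafe" lookup splices the input into the query text, which is exactly the mistake the comic above is about, and the "safe" version validates the type first and then binds the value as a parameter.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]

NAME_MAX_LEN = 32                                 # assumed size of the "buffer" the name column may hold
NAME_PATTERN = re.compile(r"^[a-z][a-z0-9_]*$")   # allow-list of accepted characters, not a block-list


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, user_id: str) -> list:
    """VULNERABLE: the raw input is spliced into the SQL text, so the database
    executes whatever the user typed as part of the statement."""
    sql = f"SELECT name, email FROM users WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def parse_user_id(raw: str) -> int:
    """Type check: the field expects a number, so reject anything that isn't one."""
    try:
        return int(raw)
    except ValueError:
        raise ValueError(f"user id must be an integer, got {raw!r}") from None


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Validate the type, then bind the value as a parameter. The driver sends the
    value separately from the query text, so it cannot change the query's shape."""
    uid = parse_user_id(user_id)
    return conn.execute("SELECT name, email FROM users WHERE id = ?", (uid,)).fetchall()


def validate_name(raw: str) -> str:
    """Length check plus allow-list: the web-form analogue of comparing the input
    length against the buffer before you copy into it."""
    if len(raw) > NAME_MAX_LEN:
        raise ValueError(f"name longer than {NAME_MAX_LEN} characters")
    if not NAME_PATTERN.fullmatch(raw):
        raise ValueError("name may contain only lowercase letters, digits and underscores")
    return raw


def find_by_name(conn: sqlite3.Connection, name: str) -> list:
    """Validated input still goes through a parameterized query; validation and
    parameterization are layers, not alternatives."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (validate_name(name),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "1 OR 1=1"))   # attacker input: every row comes back
    print(lookup_safe(db, "1"))            # exactly one row
    try:
        lookup_safe(db, "1 OR 1=1")        # rejected before it ever reaches the database
    except ValueError as err:
        print("rejected:", err)
```

The point of the last two functions is that validating the name is not a substitute for parameterizing the query. A length check stops the oversized input, the allow-list stops the quote characters, and the bound parameter means that even if a future change loosens the allow-list, the name still cannot be mistaken for SQL.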

This very concept of sanitizing inputs doesn't just apply to tech geeks, however. It also applies in our daily walk with Christ. Romans 12:2 says "Do not be conformed to this world, but be transformed by the renewal of your mind, that by testing you may discern what is the will of God, what is good and acceptable and perfect." (emphasis added). We are to test everything, so that we may discern the will of God. We shouldn't just accept things that are presented to us.

Why should we do this? Proverbs 4:23 says that we should guard our heart because it's the wellspring of life. The principle of GIGO applies to us as well. If we are constantly filling our mind and our heart with impurities, it poisons our spiritual wellspring. We begin to reflect and repeat all of that nastiness, hiding the light of Christ that is within us.

So, how do we go about sanitizing our inputs as Christians? Well, first we have to reject all those things that we know are immoral or unworthy. We might have to change what we watch, or what we read, or who we hang out with. We have to evaluate every decision we make through a lens of holiness and godliness. Colossians 3:5 is very blunt on what we should do. It tells us to "[p]ut to death therefore what is earthly in you: sexual immorality, impurity, passion, evil desire, and covetousness, which is idolatry." However, if there is one thing I've learned over the last year, it's that nature truly does abhor a vacuum. It is not enough to simply take out the bad; you have to replace it with something good (see Matthew 12:43-45). So, what do we replace it with? When we've put to death what is earthly in us, what do we bring to life in its place? Philippians 4:8 is a perfect road map for this: "Finally, brothers, whatever is true, whatever is honorable, whatever is just, whatever is pure, whatever is lovely, whatever is commendable, if there is any excellence, if there is anything worthy of praise, think about these things."

But none of us are perfect, and we all carry around baggage. Even one of the great kings of the Old Testament struggled with sin. David wrote the 51st Psalm after he committed adultery with Bathsheba. In verse 10 he cries out, "Create in me a clean heart, O God, and renew a right spirit within me."

So this is our model for sanitizing the inputs of our life. Through faith in Christ we are born again, and we are given the clean heart that David cried out for. We put to death our earthly desires and instead replace them with things that are worthy of praise.

The LORD bless you and keep you; the LORD make his face to shine upon you and be gracious to you; the LORD lift up his countenance upon you and give you peace.
Numbers 6:24-26 (ESV)
