Server Side Filter in Cyber Security Field
Filters are validation checks performed on the user’s input to ensure that what the user has entered matches the expected format.
For example, below is the picture depicting filter check on user input.
As you can see in the above picture, the input is expected to consist of letters only, i.e. characters from ‘a’ to ‘z’ or ‘A’ to ‘Z’; any other key input won’t be accepted by the webpage. Here, the name @abhi1jith won’t be accepted by the webpage because there is a filter check associated with the input field: the name must contain alphabetic letters only. The input contains a digit as well as a special character, which the filter programmed behind the field does not allow.
Types of web application filters
There are basically two types of Web Application Filters:
- Client-side filters: Here the validation of input takes place on the client side itself, as the client’s browser contains the needed filter. If the data entered by the user satisfies the filter criteria, the browser accepts it; otherwise the data is rejected and an appropriate error message is displayed. Client-side filters are easier for intruders or hackers to tamper with or bypass, because the client browser is easily accessible to them, so these filters fail to provide good security for the data and do not safeguard it against tampering. Since the filters are present in the client browser, the response time is lower than with server-side filters, because the input is checked within the user’s browser. Client-side filters are written in HTML, Java, etc.
- Server-side filters: These are the filter checks present on the server. The server checks whether the input follows the accepted standard or not. Unlike with client-side filters, the data or information entered by the user is forwarded directly to the server and is not checked by the browser. If the user’s input satisfies the filter present on the server, the data is accepted; otherwise it is rejected and an appropriate error message is displayed. Server-side filters are difficult for intruders or hackers to tamper with or bypass, because the server is not easily accessible to them, so these filters provide better security for the data by safeguarding it against tampering. Since the filters are present on the server, the response time is higher than with client-side filters, because the input data and the result of the validity check have to travel back and forth between the user’s computer and the server. This adds extra overhead on the server. Server-side filters are written in PHP, C++.
Let’s understand the server-side filter with an example.
- Suppose we enter something in the wrong format, for example we don’t enter ‘@’ while typing our email.
- The input we entered will be forwarded to the server.
- The server-side filter present in the server will check if the input we gave is following the correct standards of input or not.
- The server-side filter will detect the absence of ‘@’ in the email input, which is a deviation from the correct standard.
- On finding errors, the server-side filters won’t accept our input.
- It will forward the error with the proper message back to our web browser.
- The error message ‘@ is missing in email’ will be displayed to the user.
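The walk-through above as a runnable sketch (an added example, not code from the original article): a Python WSGI handler that applies the letters-only name filter and the ‘@’ check on the server, so the check still runs when a request never passed through the browser-side filter. The field names `name` and `email`, the body size cap and the `post` helper are assumptions made for illustration.

```python
import io
import re
from urllib.parse import parse_qs

NAME_RE = re.compile(r"[A-Za-z]+")  # letters a-z / A-Z only, as in the name example
MAX_BODY = 4096                     # assumed cap on the request body size

def validate_form(fields):
    """Return a dict of field -> error message; an empty dict means accepted."""
    errors = {}
    if not NAME_RE.fullmatch(fields.get("name", "")):
        errors["name"] = "name must contain letters only"
    if "@" not in fields.get("email", ""):
        errors["email"] = "@ is missing in email"
    return errors

def app(environ, start_response):
    """WSGI handler: the filter runs on the server for every request,
    whether or not the browser performed its own validation."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    raw = environ["wsgi.input"].read(min(length, MAX_BODY)).decode("utf-8", "replace")
    fields = {key: values[0] for key, values in parse_qs(raw).items()}
    errors = validate_form(fields)
    if errors:
        # Reject the input and send the error message back to the client.
        status = "400 Bad Request"
        body = "\n".join(f"{field}: {msg}" for field, msg in sorted(errors.items()))
    else:
        status, body = "200 OK", "accepted"
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode("utf-8")]

def post(body):
    """Constructed request helper: hand a raw form body straight to the
    handler, as a client that skipped the browser-side filter would."""
    seen = {}
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode("utf-8")
```

The same `app` callable can be served with the standard library's `wsgiref.simple_server.make_server` for manual testing.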
Features of server-side filters:
- Server-side attacks are difficult to perform since the code is not easily within our reach and we don’t know how the inputs are validated by the server-side filters. Thus the hacker or intruder finds it difficult to perform full-scale attacks on the server side by exploiting the server-side filters.
- Server-side filters can’t be bypassed easily since hackers can’t get direct access to the server. Because of this, the server-side filter can detect suspicious requests and block them instantly, thereby stopping the hackers’ attempts.
- The data entered by the user isn’t checked by the browser or client side and is forwarded directly to the server for validation, so the browser doesn’t get any extra overhead, as the filters are present on the server side and not on the client side. It is therefore the responsibility of the server to check the user’s data and validate that it follows the normal standard.
Advantages of server-side filters:
Compared to client-side filters, server-side filters have many more advantages. The advantages of server-side filters are listed below:
- Data is processed quickly, as servers are considered to be powerful machines.
- Also, filtered data refers to a smaller amount of useful data among the bulk of data, thereby directly affecting the transfer speed between the client and the server.
- The filtered data has a smaller volume, so it contributes to less traffic.
- It ensures proper security of data, as the data cannot easily be captured by hackers.
- Server-side filters work best when the available resources are not known, thereby reducing the load on client browsers to filter the data.