New rule: “If you are a developer, you cannot trust your designers.” If you happen to be both, don’t trust yourself. Hold that thought for a moment; first, the title: “Why Interfaces Lie”. Recently I was browsing through a number of websites, most of them of some importance: governmental sites, state-run companies, online services, real-time booking services and smaller social networks. They had one thing in common: weak interfaces. Their online front ends had loopholes that are probably still unknown to the developers of the backend applications behind them.
Take an example. Google’s default number of search results per page is probably set to 10, and was documented that way early in its development.
From the interface it is clear that Google does not intend to let you list a single result. Although this poses no threat to the integrity of the database, it shows how weak the constraints set by the designer really are: the interface only offers certain values, it does not enforce them.
SQL injection through input forms, and header injection to manipulate cookie information and authenticate to websites, are prevented to some degree now. However, a large number of basic validations are simply not done, because backend programmers believe the data received through the interface is safe. The information relayed through these front ends shows little respect for the limits the designer set: a drop-down, a minimum value or a disabled button constrains only the honest user, not the request that actually arrives at the server. This holds almost everywhere, and the validation is routinely neglected. Today’s interfaces are easily manipulated, and unless a proper form of validation is applied at the process-logic level, these back doors can produce unexpected results.
I was able to process an online recharge of 5 rupees when a certain telecom company’s cheapest recharge option was 55 rupees. This is no fraudulent action. However, it shows the decreasing credibility of the bounds set by the designer and the increasing amount of validation that needs to be enforced at the business end. A much more substantial implication is on resources. The company let me process the recharge amount through the online banking portal of a third-party organization and only reverted it when it finally detected the anomaly at an inner core level, thus creating an alarming denial-of-service (DoS) scenario that takes advantage of this hole. This signifies the importance of a refined way of treating interfaces.