Consider a system that accepts user input through a web interface, runs business logic against the data in a back-end database, and then displays the result to the user on the same web interface.
A user may accidentally or maliciously enter input that escapes validation, or that nobody tested for, and causes the business logic to issue a query to the effect of "SELECT * FROM CUSTOMER". Nothing is wrong with that statement as SQL: it is syntactically and semantically valid, so the database executes it exactly as asked and hands the entire customer table (id, password, credit card number and so on) back to the application programming interface. If no checks are made on that produced output, the API passes the data straight through to the front-end web interface, and the attacker now has a gold mine at their fingertips.
Input validation alone therefore is not enough: it is critical that any output be monitored and controlled as well, so that a query which returns more than the endpoint was meant to expose is caught before it leaves the server.
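The following is an added example (not code from the original page) of an output control layer sitting between the database result and the API response. It assumes a hypothetical per-endpoint `OutputPolicy` that allow-lists the fields an endpoint may expose, caps the number of rows it may return, and optionally requires every row to belong to the calling principal; the `CUSTOMER_ROWS` data is constructed sample data standing in for what an unguarded `SELECT * FROM CUSTOMER` would return.

```python
"""Output control: allow-list fields and cap row counts before a database
result set reaches the API response. Added example; the policy shape and
sample data are assumptions, not taken from the original page."""
from dataclasses import dataclass
from typing import FrozenSet, Optional


class OutputPolicyViolation(Exception):
    """Raised when a result set does not fit the endpoint's output policy."""


@dataclass(frozen=True)
class OutputPolicy:
    # Fields this endpoint is allowed to expose; every other column is dropped,
    # so a password hash or card number never reaches the serializer.
    allowed_fields: FrozenSet[str]
    # Upper bound on rows. A full-table dump exceeds it and is refused outright
    # rather than trimmed, because the oversized result is itself the signal.
    max_rows: int
    # If set, every row's value in this field must equal the caller's id.
    owner_field: Optional[str] = None


def filter_output(rows, policy, caller_id=None):
    """Return rows reduced to the allow-listed fields, or raise on violation."""
    if len(rows) > policy.max_rows:
        raise OutputPolicyViolation(
            f"result has {len(rows)} rows, endpoint limit is {policy.max_rows}")
    filtered = []
    for row in rows:
        if policy.owner_field is not None and row.get(policy.owner_field) != caller_id:
            raise OutputPolicyViolation("row belongs to a different principal")
        filtered.append({k: v for k, v in row.items() if k in policy.allowed_fields})
    return filtered


def guarded_response(rows, policy, caller_id=None):
    """What the API layer returns: filtered data, or a refusal with no payload.

    The error text is deliberately generic; the detailed reason belongs in a
    server-side log, not in the response body."""
    try:
        return {"ok": True, "data": filter_output(rows, policy, caller_id)}
    except OutputPolicyViolation:
        return {"ok": False, "error": "response rejected by output policy"}


# Constructed sample rows: what "SELECT * FROM CUSTOMER" would hand back.
CUSTOMER_ROWS = [
    {"id": 1, "name": "Alice", "email": "alice@example.com",
     "password_hash": "$2b$12$constructedhash1", "card_number": "4111111111111111"},
    {"id": 2, "name": "Bob", "email": "bob@example.com",
     "password_hash": "$2b$12$constructedhash2", "card_number": "5500000000000004"},
    {"id": 3, "name": "Carol", "email": "carol@example.com",
     "password_hash": "$2b$12$constructedhash3", "card_number": "340000000000009"},
]

# Hypothetical policy for a "show my own profile" endpoint: exactly one row,
# only the caller's own, and only non-sensitive columns.
PROFILE_POLICY = OutputPolicy(
    allowed_fields=frozenset({"id", "name", "email"}),
    max_rows=1,
    owner_field="id",
)


def profile_response(rows, caller_id):
    """Apply the profile policy to whatever the query layer produced."""
    return guarded_response(rows, PROFILE_POLICY, caller_id)


if __name__ == "__main__":
    print(profile_response([CUSTOMER_ROWS[0]], caller_id=1))   # legitimate lookup
    print(profile_response(CUSTOMER_ROWS, caller_id=1))        # full dump, refused
    print(profile_response([CUSTOMER_ROWS[1]], caller_id=1))   # other user's row, refused
```

The key design choice is that the policy is declared per endpoint and enforced after the query, independently of how the query was built, so a validation bypass upstream still cannot turn a single-row profile lookup into a table dump.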
- Preventing data-scraping bots and DoS attacks
Bots automate input and rapidly process output; done well, they can either completely replicate all the data in your database, one legitimate-looking request at a time, or bring down your server by bombarding it with more resource requests than it can serve. To protect both resources and proprietary data, checks and controls can be put in place so that only a bounded amount of data ("X" records) is returned to a particular client, for example a particular IP address, within a 24-hour window. Note that a source IP is a weak client identifier (shared NAT addresses, rotating proxies), so where the caller is authenticated the quota should be keyed on the authenticated identity and the IP used only as a fallback.
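As an added example (not code from the original page), here is a rolling-window quota that bounds both the number of requests and the number of records served to a client over 24 hours. The `Quota` class, the `client_key` helper and the example IP addresses are assumptions for illustration; the in-process store would be replaced by a shared one (Redis or similar) in a multi-instance deployment.

```python
"""Per-client quota on requests and records served within a rolling window.
Added example; class and helper names are assumptions, not from the page."""
import time
from collections import defaultdict, deque
from typing import Optional, Tuple


def client_key(principal: Optional[str], remote_ip: str) -> str:
    """Prefer the authenticated identity; fall back to the source IP.

    IP alone is a weak key (shared NAT, rotating proxies), so it is only used
    when there is nothing better to bind the quota to."""
    return f"user:{principal}" if principal else f"ip:{remote_ip}"


class Quota:
    def __init__(self, max_requests: int, max_records: int,
                 window_seconds: int = 24 * 3600):
        self.max_requests = max_requests
        self.max_records = max_records
        self.window = window_seconds
        # Per client key: deque of (timestamp, records_served) for the window.
        self._log = defaultdict(deque)

    def _evict(self, key: str, now: float) -> None:
        """Drop entries that have aged out of the rolling window."""
        q = self._log[key]
        while q and now - q[0][0] >= self.window:
            q.popleft()

    def usage(self, key: str, now: Optional[float] = None) -> Tuple[int, int]:
        """Return (requests, records) consumed by this client in the window."""
        now = time.time() if now is None else now
        self._evict(key, now)
        q = self._log[key]
        return len(q), sum(n for _, n in q)

    def try_consume(self, key: str, n_records: int,
                    now: Optional[float] = None) -> bool:
        """Record the request and return True if it fits both budgets.

        A request that would exceed either budget is refused and not recorded,
        so the client is not pushed further into deficit by being refused."""
        now = time.time() if now is None else now
        requests, records = self.usage(key, now)
        if requests + 1 > self.max_requests or records + n_records > self.max_records:
            return False
        self._log[key].append((now, n_records))
        return True


if __name__ == "__main__":
    # Constructed walk-through: 3 requests or 100 records per day, whichever first.
    quota = Quota(max_requests=3, max_records=100)
    key = client_key(None, "203.0.113.5")          # unauthenticated, keyed on IP
    print(quota.try_consume(key, 60, now=0.0))     # first page of 60 records
    print(quota.try_consume(key, 60, now=1.0))     # would reach 120 records: refused
    print(quota.try_consume(key, 40, now=2.0))     # exactly 100: allowed
    print(quota.try_consume(key, 1, now=3.0))      # record budget exhausted
    print(quota.try_consume(key, 50, now=86400.0)) # first entry aged out: allowed
```

Counting records rather than only requests is what stops a scraper that stays under the request limit but asks for the largest page size on every call.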
Before returning the output to the end user, it is also worth checking its format and presenting it in a clean, expected shape rather than dumping raw records: a response that conforms to a defined structure is easier to inspect for over-exposure and harder for a caller to abuse.