There are two important security risks that should be addressed in web$-$based systems that involve accessing a database to validate information provided by a user, like the one you developed in the assignments.

Explain what these two security risks are, and describe how you protect your web application from this type of attack.$$An important question to ask yourself now is why do we need database validation and all the other validation. The answer is that database validation is the last line of defence. If someone accidentally disables the server$-$side validation because they assume the client$-$side validation is all that is needed, we might find data entering our database from malicious sources that know how to disable the client$-$side validation. There is no circumventing the rules placed on the database without actually altering the database structure.

Another scenario where we want to ensure that the database validates the data is for applications that might have multiple different interfaces to the underlying data $($e$.$g$.,$ a web$-$based interface and a mobile interface$).$ If these are developed independently, the development teams may not have the same dedication to ensuring valid data as you have. By enforcing data validity in the database, we can be certain that our data is always of high quality.