Next: Buffer Overflows Up: Black Hats Manual Software Previous: Presentation Layer, Summary

Application layer issues

So far, we've only talked about the how, the machinery of a network application: network connections, encapsulating data and all that. Now it's time to talk about the what, the purpose of this application.

In other words, let's talk about the application layer. From this perspective, the network is just some sort of magic device that lets the participants exchange protocol messages transparently. What these protocol messages are called depends largely on your conceptual view.

For instance, many protocols describe client/server interaction in terms of commands and responses. Many middleware layers such as Sun RPC try to hide the underlying network magic even more, and encourage programmers to think of network operations pretty much as if they were local procedure calls. CORBA, the Common Object Request Broker Architecture, doesn't want you to know anything about an object's location: it could be on a remote server, or within the address space of the calling process. CORBA objects look and behave exactly as if they were ordinary objects in your local process.

Convenient as that may be, it is also deceptive from a security point of view. Data received from a remote peer should not be trusted blindly, at least not when the peer could gain additional privilege through you. So don't let the familiar look and feel deceive you.

The number of mistakes you can make at the application layer is as varied as the number of things you can do with data. The ways of shooting yourself in the foot are virtually limitless.

So unlike previous chapters, there isn't much I can tell you here about a canonical ``good coding practice.'' There are, however, quite a number of very common mistakes that you can avoid when you know them and keep a careful eye on these things as you code.

A number of these will probably sound like very stupid bugs that only really stupid people would make, because they are so obvious (the bugs, not the people). But that's just because you know it's a bug. When you're caught up in coding, these things do tend to slip through the cracks, so some of the bugs described below have even happened to experienced coders once in a while. So beware!

Olaf Kirch 2002-01-16