http://www.codinghorror.com/blog/archives/001210.html This article provides a wealth of information on how to protect your web application from malicious little web people.  25 points are summarized, with links to a thorough explanation of each scenario from the Common Weakness Enumeration.