Distrust users

Users are
Extreemly error-prone.
Inherantly stupid.
Often malicious.

You should never trust user input.
Verify everything you are given before acting on it.
Verify the data is entirely good, rather than determining some of it is bad.
If you overlook something, you'll deny something that was ok, not allow something harmful.