5 Security Considerations for coding

1. Access Control

Always validate user input to make sure it is what you expect. Make sure it does not contain markup or other non-alphanumeric data, which is often handled in a special way by your program or by programs your program calls. This means checking for characters such as quotation marks, and for unusual characters where a plain string is expected. These are often signs that an attack of some sort is being attempted.

2. Check Range

Always check ranges when copying data, allocating memory, or performing any operation that could overflow. Some programming languages provide range-checked container access (such as std::vector::at() in C++), but many programmers insist on using the unchecked array index [] notation. In addition, functions such as strcpy() should be avoided in favour of strncpy(), which lets you specify the maximum number of characters to copy. Similar versions of other functions, such as snprintf() instead of sprintf() and fgets() instead of gets(), provide an equivalent buffer length specification. Use these functions throughout your code to avoid buffer overflows. Even if your string originates in the program and you think you can get away with strcpy() because you know the length of the string, that does not mean that you, or someone else, will not change things in the future and let the string come from a file, the command line, or direct user input. Get in the habit of range checking everything in your software; it should prevent a large number of security issues.

3. The principle of least privilege

This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it does not need, and use the higher privileges only for the actions that need them. An example is the Postfix mail server, which has a modular structure: the components that need root privileges are kept separate from those that do not. This form of privilege separation leaves fewer attack paths that lead to root access, and increases the security of the whole system because those few paths can be analysed critically for security problems.

4. Don't Race

A race condition is a situation in which a program performs an operation in a series of steps, and an attacker has the chance to catch it between the steps and modify the state of the system. An example would be a program that checks file permissions and then opens the file. Between the permission check (the stat() call) and the file open (the fopen() call), an attacker could change the file being opened by renaming another file to the name of the original file. To avoid this, fopen() the file first, then use fstat(), which takes a file descriptor instead of a file name. Since a file descriptor always points to the file that was opened with fopen(), even if the file name is changed later, the fstat() call is guaranteed to check the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.
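The open-then-check order described above, as an added example that is not part of the original post. The function names `open_checked` and `demo_check`, the acceptance policy (regular file, owned by the current user, not group- or world-writable) and the temporary file are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open first, then check the object we actually hold. Policy (assumed for
 * this example): regular file, owned by us, not group/world-writable. */
FILE *open_checked(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NULL;

    struct stat st;
    if (fstat(fileno(fp), &st) != 0 ||      /* descriptor, not the name */
        !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        fclose(fp);                          /* reject: never read from it */
        return NULL;
    }
    return fp;
}

/* Constructed demo: make a temp file with the given mode, try to open it. */
int demo_check(mode_t mode)
{
    char path[] = "/tmp/open_checked_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    fchmod(fd, mode);
    close(fd);

    FILE *fp = open_checked(path);
    int accepted = (fp != NULL);
    if (fp)
        fclose(fp);
    unlink(path);
    return accepted;
}

int main(void)
{
    printf("0600 accepted: %d\n", demo_check(0600));
    printf("0666 accepted: %d\n", demo_check(0666));
    return 0;
}
```

Because the check runs on the descriptor, renaming or replacing the path after fopen() returns cannot change which file is inspected and read.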

5. Register Error Handler

Many languages support the concept of a function that can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe place in the code, rather than proceeding blindly in the hope that the user input will not crash the program, or worse!
