5 Security Considerations When Coding
By: Bryce Whitty
1. Input Checking
Always check user input to be sure that it is what you expected. Make sure it doesn’t contain characters or other data which may be treated in a special way by your program or any programs called by your program. This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.
2. Range Checking
Always check the ranges when copying data, allocating memory or performing any operation which could potentially overflow. Some programming languages provide range-checked container access (such as std::vector::at() in C++), but many programmers insist on using the unchecked array index [] notation. In addition, functions such as strcpy() should be avoided in favour of strncpy(), which allows you to specify the maximum number of characters to copy. Similarly, snprintf() as opposed to sprintf(), and fgets() instead of gets(), provide equivalent length-of-buffer specification. The use of such functions throughout your code should prevent buffer overflows. Even if your character string originates within the program, and you think you can get away with strcpy() because you know the length of the string, that doesn’t mean that you, or someone else, won’t change things in the future and allow the string to be specified in a configuration file, on the command line, or from direct user input. Getting into the habit of range-checking everything should prevent a large number of security vulnerabilities in your software.
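The checks from sections 1 and 2, sketched in C as an added example (not code from the original article). The function names, the alphanumeric-only policy and the 8-byte buffer are assumptions made for illustration. Note that strncpy() writes no terminating NUL when the source fills the buffer, so the wrapper adds one and reports truncation.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Section 1: allowlist check, non-empty ASCII letters and digits only. */
int is_alnum_only(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isalnum((unsigned char)*s))
            return 0;
    return 1;
}

/* Section 2: copy src into dst (capacity dstsz). Returns 0 on success,
   -1 if src does not fit; dst is left as an empty string in that case. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';              /* refuse silently truncated data */
        return -1;
    }
    return 0;
}

/* strncpy() with the terminator it omits; returns 1 if src was truncated. */
int strncpy_terminated(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz;
}

int main(void)
{
    char name[8];
    const char *inputs[] = { "alice", "bob'; --", "averylongusername" }; /* constructed */
    for (int i = 0; i < 3; i++) {
        int ok = is_alnum_only(inputs[i]) && copy_bounded(name, sizeof name, inputs[i]) == 0;
        printf("%-18s -> %s\n", inputs[i], ok ? "accepted" : "rejected");
    }
    return 0;
}
```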
3. Principle Of Least Privileges
This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it doesn’t need, and use the higher privileges for only those operations which require them. An example of this is the Postfix mailserver, which has a modular design allowing parts which require root privileges to be run distinctly from parts which do not. This form of privilege separation reduces the number of attack paths which lead to root privileges, and increases the security of the entire system because those few paths that remain can be analysed critically for security problems.
4. Don’t Race
A race condition is a situation where a program performs an operation in several steps, and an attacker has the chance to catch it between steps and alter the system state. An example would be a program which checks file permissions, then opens the file. Between the permission check (the stat() call) and the file open (the fopen() call), an attacker could change the file being opened by renaming another file to the original file’s name. In order to prevent this, fopen() the file first, and then use fstat(), which takes a file descriptor instead of a filename. Since a file descriptor always points to the file that was opened with fopen(), even if the filename is subsequently changed, the fstat() call will be guaranteed to be checking the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.
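The open-then-fstat() ordering described above, as an added C example that is not part of the original article; fileno() supplies the descriptor behind the FILE* that fstat() needs. The function names and the acceptance policy (regular file, owned by the caller, not group- or world-writable) are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy order from the text, for contrast: the path is resolved twice, so
   the file stat() inspected may not be the file fopen() opens. */
FILE *open_racy(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return NULL;
    return fopen(path, "r");        /* window between the two calls */
}

/* Safe order: open first, then check the object that was actually opened.
   Assumed policy: regular file, owned by us, not group/world-writable. */
FILE *open_checked(const char *path)
{
    struct stat st;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NULL;
    if (fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        fclose(fp);                 /* reject: never hand back the stream */
        return NULL;
    }
    return fp;
}

int main(void)
{
    char path[] = "/tmp/fstat_demo_XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0)
        return 1;
    FILE *ok = open_checked(path);            /* mkstemp() creates mode 0600 */
    printf("0600 file: %s\n", ok ? "accepted" : "rejected");
    if (ok) fclose(ok);
    fchmod(fd, 0666);
    FILE *bad = open_checked(path);
    printf("0666 file: %s\n", bad ? "accepted" : "rejected");
    if (bad) fclose(bad);
    close(fd);
    unlink(path);
    return 0;
}
```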
5. Register Error Handlers
Many languages support the concept of a function which can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe point in the code, instead of blindly progressing in the hope that the user input won’t crash the program, or worse!
Article keywords: security, coding, programming, php, hacking, c++, code, secure
Article Source: http://www.articles32.com
Bryce Whitty owns and runs a computer repair website called Technibble.com (www.technibble.com), a website that provides technical how-tos for repairing your computer. Technibble also has many guides for getting into the computer business or managing your existing one. We also cover other side topics such as Security and Software.