Author Login | Popular Articles | RSS Feeds | Sitemap

Home | Internet-and-business-online


5 Security Considerations When Coding

By: Bryce Whitty

1. Input Checking

Always check user input to be sure that it is what you expected. Make sure it doesn't contain characters or other data which may be treated in a special way by your program or any programs called by your program.
This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.

2.Range Checking

Always check the ranges when copying data, allocating memory or performing any operation which could potentially overflow. Some programming languages provide range-checked container access (such as the std::vector::at() in C++, but many programmers insist on using the unchecked array index [] notation. In addition, the use of functions such as strcpy() should be avoided in preference to strncpy(), which allows you to specify the maximum number of characters to copy. Similar versions of functions such as snprintf() as opposed to sprintf() and fgets() instead of gets() provide equivalent length-of-buffer specification. The use of such functions throughout your code should prevent buffer overflows. Even if your character string originates within the program, and you think you can get away with strcpy() because you know the length of the string, that doesn't mean to say that you, or someone else, won't change things in the future and allow the string to be specified in a configuration file, on the command-line, or from direct user input. Getting into the habit of range-checking everything should prevent a large number of security vulnerabilities in your software.

3.Principle Of Least Privileges

This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it doesn't need, and use the higher privileges for only those operations which require them. An example of this is the Postfix mailserver, which has a modular design allowing parts which require root privileges to be run distinctly from parts which do not. This form of privilege separation reduces the number of attack paths which lead to root privileges, and increases the security of the entire system because those few paths that remain can be analysed critically for security problems.

4.Don't Race

A race condition is a situation where a program performs an operation in several steps, and an attacker has the chance to catch it between steps and alter the system state. An example would be a program which checks file permissions, then opens the file. Between the permission check the stat() call and the file open the fopen() call an attacker could change the file being opened by renaming another file to the original files name. In order to prevent this, fopen() the file first, and then use fstat(), which takes a file descriptor instead of a filename. Since a file descriptor always points to the file that was opened with fopen(), even if the filename is subsequently changed, the fstat() call will be guaranteed to be checking the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.

5.Register Error Handlers

Many languages support the concept of a function which can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe point in the code, instead of blindly progressing in the hope that the user input won't crash the program, or worse!

Article Source: http://www.articlesnatch.com

About the Author:
Bryce Whitty owns and runs computer repairwebsite called Technibble.com. A website that provides technical how-to's for repairing your computer. Technibble also has many guides for getting into the computer business or managing your existing one. We also cover other side topics such as Security and Software.

Tags: , , , , , , , ,
| Print | Ezine Ready | |

Recent Internet-and-Business-Online Articles

  • Google Adsense: Way To Make Money Online With Adsense! By: mack kallis - For the last couple of months, Google Adsense has dominated forums, discussions and newsletters all over the Internet. Already, there are tales of fabulous riches to be made and millions made by those who are just working from home. It seems that Google Adsense have already dominated the internet marketing business and is now considered the easiest way to making money online. The key to success with Adsense is the placing of ads on pages that are receiving high traffic for high demand keywords.
  • Google Adsense Disabled The Entire Account! By: mack kallis - The darkest nightmare a hardworking affiliate webmaster fears is receiving a dreaded Google Adsense Warning, or even worse, a notice that Google Adsense has been disabled for the entire account. The notice starts out like this:-it has come to our attention that invalid clicks have been generated on the ads on your web pages. We have therefore disabled your Google Adsense account. Please understand that this step was taken in an effort to protect the interest of the AdWords advertisers.
  • Use Customer Service Surveys To Build Your Website Traffic By: John Baril - In the middle of our financial crisis and recession, many affiliate marketers are preparing for potential declining earnings. Some of these internet entrepreneurs are wondering if their online enterprise will survive into the future. Listen, if you are one of those worried internet marketers, don't worry! The dreadful clouds of recession are silver-lined with bountiful opportunities! You have doubtless heard about how relationship building is the key to online success. Some Internet marketing experts talk about the process that leads to a closed sale as the "sales funnel";
  • List Building- Implementing List Building Strategies! By: SUKHCHAIN SINGH - List Building: Some Important Considerations For Implementing List Building Strategies One of the most important jobs for any Internet Entrepreneur is list building. Below are five steps for building stronger, more powerful lists that will work harder and more efficiently for your growing internet based business. With a stronger, better list, you will see an increase in profits and traffic flow to your site. The first thing to understand is that quality is more important than quantity when it comes to list building.
  • Uzoom powers your live chat By: JessicaThomson - Facing problems while chatting with your close friends and relatives? Don't get frustrated, it's a problem faced by nearly every person using the live chat systems available on the web. Disturbances such as congestion in the messaging system, connection failure, etc are just a few of the problems that are commonly faced by nearly half of the world. Today, communicating through the net is one of the most highly used systems while a few years back, things were not this easy. Passing a message was extremely difficult and tedious.
  • Number of internet marketing services that can easily help you with this endeavor! By: Rajpatnia - If you elect to do business while on the internet, it is absolutely vital that you learn internet marketing. There are a number of internet marketing services that can easily help you with this endeavor. Knowledge has often been said to equal power. If you are moving your company, or the services that you offer online, it is time to acquire the knowledge that you need in order to gain the momentum in your industry to become powerful. Remember, for more details visit to www.forum-marketing-videos.
  • Right Type of Internet Marketing By: amamam - One of the most difficult things in Internet marketing is trying to figure out the best way to tell people about what you have. If you make the wrong decision, it can have disastrous results. For more detail go to: www.internet-marketing-word.com. So here are a few things to think about when you are looking for an Internet marketing plan.
  • How do you use Google Adsense? By: Subhash Chand Bassi - Google Adsense is online advertising that you can place on your website to make money for you. It is free for you to use, easy to set up, and if you target your ads correctly, you can generate a nice income with very little work on your part. How do you use Google Adsense? By selecting keywords that are relevant to the content on your website you can choose to display ads on your site that visitors are likely to find interesting and click on.
  • How To Select a Cash Gifting Program By: Ken Hightower - What's the Best Cash Gifting System Online There are many cash gifting systems that bring you cash, day after day, but which is the best? Gifting cash online is an explosive way to do business on the Internet and many people who want to make serious cash daily are taking advantage of cash gifting programs. Here's how it works.
  • UK's Most Relevant Search Engine: Searchers.Co.UK By: John Search - How do you find an outlet of Burger King in Sunderland? Why, by using a UK-based search engine of course. Search engines have made our lives immensely easier by allowing us to find the information we require in just a few seconds. Search engines work by crawling the web and crunching all the data they gather according to an algorithm. They condense the most relevant pages for a search term and display them on top of the search results pages (SERPS).

Comments

Search Ebay

Still can't find what you are looking for? Search for it!


Add to Google
ArticleSnatch Authors:
Member Login Sign Up Submit Articles FAQ Submission Guidelines Top Authors
For Publishers:
Most Popular Articles Ezine Notifications Article RSS Feeds Terms of Service
For Everyone:
Blog About Us Link to Us Contact Us New Stuff Link Directory Privacy Policy Sitemap Resources
Our Sites:
Free Magazines Book Your Hotel Stay Free MySpace Tools Massive Video Collection Broadband Speed Test
Click here to submit your free, permanent ads to TheFreeAdForum.com!

Submit Your link to the Open Link Directory Project

Copyright 2005-2008 MJE Sales, LLC. All Rights Reserved.
Proud member of the ArticleCkr Search Network Search Network!
ArticleSnatch.com is free for both publishers and authors to use and is supported entirely from advertising revenue.
Use of our service is protected by our Privacy Policy and Terms of Service.