Note that the techniques below are ''not'' sufficient to ensure security: see the articles [[computer insecurity]] and [[secure computing]] for more information.
you checked whether a requested file is not "/etc/passwd", a cracker might pass another name for the same file, such as "/etc/../etc/passwd".
Validation of preconditions, postconditions and invariants is also part of defensive programming. This may involve checking the arguments to a function or method for validity before the body of the function executes. After the body of a function, checking object state (in OO languages) or other held data, and the return value, before every exit (break/return/throw/error code) is also wise.
Within functions, you may want to double-check that you are not referencing something that is invalid (e.g., null) and that array lengths are valid before referencing elements by index, on all temporary/local instantiations. A good heuristic is not to trust libraries you did not write either: any time you call them, check what you get back. It often helps to create a small library of "asserting" and "checking" functions for this, along with a logger, so you can trace your path and reduce the need for extensive debugging cycles in the first place. With the advent of logging libraries and aspect-oriented programming, many of the tedious aspects (yes, a pun) of defensive programming are mitigated.
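The following is an added example, not from the original article, that ties the two points above together in Python: a tiny "checking" library (`require`/`ensure` with a logger, both names assumed here) and a path check that canonicalises before comparing, so the "/etc/../etc/passwd" alias is caught and a path confined to an allowed root cannot escape it. It assumes a POSIX filesystem and uses only the standard library.

```python
import logging
import os

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("defensive")


class ContractError(ValueError):
    """Raised when a precondition or postcondition fails."""


def require(cond: bool, msg: str) -> None:
    """Precondition: validate arguments before the function body runs."""
    if not cond:
        log.error("precondition failed: %s", msg)
        raise ContractError(msg)


def ensure(cond: bool, msg: str) -> None:
    """Postcondition: validate the result before returning it."""
    if not cond:
        log.error("postcondition failed: %s", msg)
        raise ContractError(msg)


def canonical(path: str) -> str:
    """Collapse '..' components and symlinks so aliases compare equal."""
    require(isinstance(path, str) and path != "", "path must be a non-empty string")
    require("\0" not in path, "path must not contain NUL")
    return os.path.realpath(path)


def path_is_forbidden(requested: str, forbidden: set) -> bool:
    """Denylist check on canonical forms: '/etc/../etc/passwd' and
    '/etc/passwd' resolve to the same string, so the alias is caught."""
    return canonical(requested) in {canonical(f) for f in forbidden}


def resolve_under_root(root: str, requested: str) -> str:
    """Allowlist check: return the canonical target only if it stays under root."""
    root_real = canonical(root)
    # Treat the request as relative to root, then resolve it and compare prefixes.
    target = canonical(os.path.join(root_real, requested.lstrip("/")))
    if os.path.commonpath([root_real, target]) != root_real:
        log.warning("rejected %r: resolves to %r outside %r", requested, target, root_real)
        raise ContractError("path escapes allowed root")
    ensure(os.path.isabs(target), "resolved path must be absolute")
    return target
```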
Generally speaking then, it is