Defensive programming: Difference between revisions

wording
m wikification; still needs quite a bit of work
Line 1:
'''Defensive programming''' is a form of [[defensive design]] intended to ensure the continuing function of a piece of [[software]] in spite of unforeseeable usage of said software. The idea can be viewed as reducing or eliminating the prospect of [[Murphy's Law]] having effect. Defensive programming techniques come into their own when a piece of software could be misused mischievously or inadvertantly to catastrophic effect.
 
Here are some hints on '''defensive programming techniques''' to avoid creating security problems.
Many of these techniques also improve general quality of code, because almost any major bug can be potentially used by a [[cracker (computing)|cracker]] for a [[Denial of Service]] or other attack.
 
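Review bot: the typo "inadvertantly" (should be "inadvertently") in the opening paragraph survives this wording pass, and "ensure the continuing function of a piece of software in spite of unforeseeable usage" is vaguer than the point the second paragraph goes on to make; consider stating directly that the software must keep behaving correctly on input it did not anticipate, including input supplied with hostile intent. In the second paragraph "can be potentially used" says the same thing twice; "can be used by a cracker for a Denial of Service or other attack" is enough, and it is the right emphasis for why defensive code is a security measure rather than only a quality one.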
Line 14:
* Either leave the code available to everyone on the Net (see [[Free software]] or [[open source definition]]) or hire someone who will perform a software [[security audit]].
* If possible, reuse code instead of writing from scratch.
* Encrypt all important data whichtransmitted flowover the Netnetworks.
* All data is important until provedproven otherwise.
* All code is unsecureinsecure until proven otherwise.
* Never make programs [[setuid]] unless you're <b>''really</b>'' sure it's secure.
* If data is checked for correctness, verify if it's correct, not if it is incorrect.
Crackers are likely to invent new kinds of incorrect data. For example, if
you checked if a requested file is not "/etc/passwd", a cracker might pass another
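Review bot: the "Encrypt all important data" bullet comes out with the removed and added words run together ("whichtransmitted flowover the Netnetworks"); whichever wording is kept, it has to read as one sentence, e.g. "Encrypt all important data that flows over networks." The setuid bullet mixes HTML bold with wiki italics (`<b>''really</b>''`), so the markup does not nest; pick one form. The last bullet, "verify if it's correct, not if it is incorrect", is the allow-list principle and the most security-relevant line in this hunk, but its supporting example breaks off here after "a cracker might pass another"; check that the completed example is present in the article, since without it the bullet reads as a style preference rather than a reason.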
Line 24:
 
----
Preconditions, Postconditions and Invariants validation are also part of Defensive Programming. This may involve checking arguments to a function or method for validity before execution of the body of the function. After the body of a function, doing a check of object state (in OO languages) or other held data and the return value before exits (break/return/throw/error code) is also wise.
 
Preconditions, postconditions and invariants validation are also part of defensive programming. This may involve checking arguments to a function or method for validity before execution of the body of the function. After the body of a function, doing a check of object state (in OO languages) or other held data and the return value before exits (break/return/throw/error code) is also wise.

Within functions, you may want to double check that you are not referencing something that is not valid (i.e.:, null) and that array lengths are valid before referencing elements with indexes on all temporary/local instantiations. A good heuristic is to not trust the libraries you did not write either. So any time you call them, check what you get back from them. It often helps to create a small library of "asserting" and "checking" functions to do this along with a logger so you can trace your path and reduce the need for extensive debugging cycles in the first place. With the advent of logging libraries and aspect oriented programming, many of the tedious aspects (yes, a pun) of defensive programming are mitigated.
 
Generally speaking then, it is preferrable to throw intelligible exception messages that enforce part of your [[application programming interface|API]] contract and guide the client [[programmer]] instead of returning values that a client programmer is likely to be unprepared for and hence minimize their complaints and increase robustness and security of your software.
 
Generally speaking then, it is preferrable to throw intelligible exception messages that enforce part of your API contract and guide the client programmer instead of returning values that a client programmer is likely to be unprepared for and hence minimize their complaints and increase robustness and security of your software.
-------------------------------------
 
Books:
* William R. Cheswick and Steven M. Bellovin, <cite>''Firewalls and Internet Security: Repelling the Wily Hacker</cite>'' ISBN 0201633574 http://www.wilyhacker.com/
 
External references:
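Review bot: the precondition/postcondition paragraph and the "Generally speaking" paragraph each appear twice in this hunk (the two copies differ only in capitalization and wikilinks), which is expected of a diff view but means the final text must be checked to contain one copy of each; "preferrable" is misspelled in both copies and should become "preferable" along with the wikification, and "i.e.:, null" should be "i.e. null". The two horizontal rules are inconsistent ("----" versus a long run of dashes); wiki markup uses "----". The book entry nests `<cite>` with wiki italics (`<cite>''...</cite>''`), the same problem as the setuid bullet above, and "External references:" is left as a heading with no entries. On substance, "do not trust the libraries you did not write either ... check what you get back from them" is the core defensive point of the section and should stay prominent; the advice to throw intelligible exceptions rather than return unexpected values would be stronger if it also noted that an exception message returned to a client is itself part of the API surface, so it should describe the contract violation without exposing internal state.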