Defensive programming: Difference between revisions

Content deleted Content added
* William R. Cheswick and Steven M. Bellovin, <cite>Firewalls and Internet Security:
formatting
Line 9:
<i>Please expand this article. These random notes should be changed to a more coherent article.</i>
 
* One of the the most common problems is unchecked use of constant-size structures and functions
for dynamic-size data (the [[buffer overflow]] problem). This is especially common for [[string]] data in [[C]].
You should never use functions like <tt>gets</tt> and <tt>scanf</tt>.
* Never make your code more complex than necessary. Complexity breeds bugs, including security problems.
 
* Either leave your code available to everyone on the Net (see [[Free software]])
Never make your code more complex than necessary. Complexity breeds bugs, including security problems.
 
Either leave your code available to everyone on the Net (see [[Free software]])
or hire someone who will do [[security audit]] for you.
* If possible, reuse code instead of writing from scratch.
 
* Encrypt all important data that flows the Net.
If possible, reuse code instead of writing from scratch.
* All data is important until proved otherwise.
 
* All code is unsecure until proven otherwise.
Encrypt all important data that flows the Net.
* Never make your program [[setuid]] unless you're <b>really</b> sure it's secure.
 
*If you check data for correctness, check if it's correct, not if it is incorrect.
All data is important until proved otherwise.
 
All code is unsecure until proven otherwise.
 
Never make your program [[setuid]] unless you're <b>really</b> sure it's secure.
 
If you check data for correctness, check if it's correct, not if it is incorrect.
Crackers are likely to invent new kinds of incorrect data. For example, if
you checked if a requested file is not "/etc/passwd", a cracker might pass another
name of this file, like "/etc/../etc/passwd".
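Review bot: the closing paragraph on checking data ("check if it's correct, not if it is incorrect") shows only the failing denylist case, "/etc/passwd" versus "/etc/../etc/passwd", and never states the positive form. One more sentence would complete it: resolve the requested name to its canonical path and accept it only if it falls inside the set of files the program is meant to serve. Smaller points in the same hunk: the first item still reads "One of the the most common problems" (doubled "the") and, as rendered here, keeps its "*" marker while the items after it become plain paragraphs; "flows the Net" is missing a preposition; "unsecure" would normally be "insecure"; and "never use functions like gets and scanf" would be more precise if it said that gets cannot be given a bound at all, while scanf is the problem when %s is used without a field width.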
 
 
 
Line 37 ⟶ 30:
 
Books:
* William R. Cheswick and Steven M. Bellovin, <cite>Firewalls and Internet Security: Repelling the Wily Hacker</cite> ISBN 0201633574 http://www.wilyhacker.com/
Repelling the Wily Hacker</cite> ISBN 0201633574 http://www.wilyhacker.com/
 
External references:
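Review bot: in the joined Books entry the title runs straight from the closing cite tag into "ISBN 0201633574" and then into the bare URL with no punctuation between them; a comma after the title and another after the ISBN would make it read as a citation. "Books:" and "External references:" are also plain text lines followed by a colon rather than section headings, which is worth settling in the same formatting pass so the two lists are marked up consistently.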