Revision as of 22:18, 15 November 2005 edit Suruena (talk \| contribs) Extended confirmed users, Pending changes reviewers 8,774 edits mNo edit summary ← Previous edit		Revision as of 13:06, 4 December 2005 edit undo Rebroad (talk \| contribs) Extended confirmed users 4,715 edits mNo edit summary Next edit →
Line 19: Crackers are likely to invent new kinds of incorrect data. For example, if you checked if a requested file is not "/etc/passwd", a cracker might pass another name of this file, like "/etc/..~~/etc~~/passwd". [[Precondition]]s, [[postcondition]]s and [[invariant]]s validation are also part of defensive programming. This may involve checking arguments to a function or method for validity before execution of the body of the function. After the body of a function, doing a check of object state (in [[OO]] languages) or other held data and the return value before exits (break/return/throw/error code) is also wise.

Defensive programming: Difference between revisions