In [[software development]], '''time of check to time of use''' ('''TOCTOU''', '''TOCTTOU''' or '''TOC/TOU''') is a class of [[software bug]]s caused by a race condition between the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.
A simple example is as follows: Consider a Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form which can be used to alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since editing has already begun, when the user submits the form, those edits (which have already been made) are accepted. When the user began editing, the appropriate authorization was ''checked'', and the user was indeed allowed to edit. However, the authorization was ''used'' later, at a time when edits should no longer have been allowed.
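The interleaving described above, simulated in Python as an added example (not text from the article). The PageStore class and its method names are constructed for illustration; the fixed variant shows the mitigation of re-checking the lock at the time of use rather than trusting the earlier check:

```python
# Added illustration of the wiki-editing TOCTOU scenario; all names are constructed.
from dataclasses import dataclass


@dataclass
class Page:
    content: str
    locked: bool = False


class PageStore:
    def __init__(self) -> None:
        self.pages: dict[str, Page] = {"Main": Page("original text")}

    def lock(self, title: str) -> None:
        """Administrator action: no further edits should be accepted."""
        self.pages[title].locked = True

    def begin_edit(self, title: str) -> str:
        """Time of CHECK: hand out an edit form only if editing is allowed."""
        if self.pages[title].locked:
            raise PermissionError("page is locked")
        return self.pages[title].content

    def submit_edit_vulnerable(self, title: str, new_content: str) -> bool:
        """Time of USE with the TOCTOU bug: trusts the check made in begin_edit()."""
        self.pages[title].content = new_content
        return True

    def submit_edit_fixed(self, title: str, new_content: str) -> bool:
        """Time of USE, fixed: re-check authorization when the edit is applied."""
        page = self.pages[title]
        if page.locked:
            return False  # the window closed; reject the stale submission
        page.content = new_content
        return True


def interleave(fixed: bool) -> tuple[bool, str]:
    """Replay the scenario: user begins editing, admin locks, user submits."""
    store = PageStore()
    draft = store.begin_edit("Main") + " + user edit"  # check passes
    store.lock("Main")                                  # admin locks in the window
    submit = store.submit_edit_fixed if fixed else store.submit_edit_vulnerable
    accepted = submit("Main", draft)                    # use of the earlier check
    return accepted, store.pages["Main"].content
```

`interleave(fixed=False)` accepts the edit despite the lock, while `interleave(fixed=True)` rejects it and leaves the page unchanged.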