Monday, April 09

Geek

Ack. Pfft.

Just doing some security enhancements.  I was thinking over some new code, and I thought... Hmm, I wonder if that library does any checking... Uh oh... Well then, I'd better do some checking, but at least I'm not... I am?! Fix that, make sure it can't happen again, patch the wrapper routines, screen the user input before it gets passed to the wrapper routines (which I'd been very good about until now, but it only takes one screwup...)

Tested the whole thing against various nasties, and it passed with one small glitch, which I've corrected.

Writing code is easy; writing code that will survive when dropped unsupported into a free-fire zone is harder.
  1. Default deny.
  2. Security in depth.
  3. Never trust user input.
  4. Never trust library routines to do your checking for you.
  5. Even if you wrote them yourself.
  6. Especially if you wrote them yourself.

Posted by: Pixy Misa at 03:34 AM | Comments (1) | Add Comment | Trackbacks (Suck)
Post contains 141 words, total size 1 kb.

1 When in doubt, disconnect computer from net, remove to bottom drawer of locked file cabnet in disused restroom with sign on door: "Beware of Leopard."

Posted by: Old Grouch at Tuesday, April 10 2007 02:40 AM (y1GU9)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
45kb generated in CPU 0.0151, elapsed 0.1004 seconds.
56 queries taking 0.0898 seconds, 327 records returned.
Powered by Minx 1.1.6c-pink.

Praise for Ambient Irony

  • The bestest!Susie
  • Just wow!Mookie
  • Impressive.Bill Whittle
  • You have a granddaughter? What did you do, have children when you were in preschool? LeeAnn

Contact Support

Contact Pixy

  • Mail pixy@mu.nu
  • Gab @pixymisa
  • Gettr @pixymisa
  • MeWe @pixymisa
  • Minds @pixymisa
  • Parler @pixymisa
  • Twitter @banned

Business News

Art by Chelsea Rose.


Search Thingy



Recent Comments

  • Mauser I've liked the Train show so far. The Gal is especially cute. Gatan Gatan is clearly onomatopoeia... entry
  • Mauser Google fired them because they were getting in the way of a money making deal. Not out of anti-woken... entry
  • Pixy Misa If they act in their own interests, that's a sign of rationality. It's the self-destructive behavio... entry
  • David Eastman I don't give Google any credit at all for those firings. In a way, it's actually a BAD sign. If thos... entry
  • Rick C Google article: "On Tuesday night, Google ordered the arrest of nine workers in Sunnyvale and New Yo... entry
  • Rick C Yeah, I couldn't make it through more than about 3 scroll actions, either. The Verge--still the sam... entry
  • Kurt Duncan I did not read the undersea cable article. You mentioned the presentation as a "problem." Yeah, like... entry
  • Tower While Pizza Tower ChatGPT may appear similarly capable, it lacks the ability to learn and adapt beyo... entry
  • Craft Twitter Strands NYT has introduced support for audio and video calls on its Android app, offering us... entry
  • Craft The Infinite Craft 65F02 offers a significant performance boost for vintage computers like the Apple... entry

Topics

Monthly Traffic

  • Pages: 247346
  • Files: 39699
  • Bytes: 7.6G
  • CPU Time: 132:07
  • Queries: 11763243

Content

  • Posts: 6581
  • Comments: 22392

    • Categories

    Archives

    A Fine Selection of Aldebaran Liqueurs

    That Ol' Janx Spirit

    Mostly Harmless

    MuNu Blogroll

    Dish of the Day

    Feeds


    RSS 2.0 Atom 1.0