Secure by design
Secure by design, in
Generally, designs that work well do not
Also, it is important that everything works with the fewest
Many things, especially input, should be distrusted by a secure design. A
Two examples of insecure design are allowing
#include <stdio.h>

int main()
{
    char a_chBuffer[100];
    printf("What is your name?\n");
    gets(a_chBuffer);      /* first flaw: gets() has no bound, so input longer than the buffer overflows it */
    printf("Hello, ");
    printf(a_chBuffer);    /* second flaw: user input is used as the format string */
    printf("!\n");
    return 0;
}
Because the buffer
until it reads a newline character or buffer
with the assumption that almost any given name from a user is no longer than 99 characters doesn't prevent the user from actually typing more than 99 characters. This can lead to arbitrary
The second flaw is that the program tries to print its input by passing it directly to the
function. This function prints out its first argument, replacing conversion specifications (such as "%s", "%d", et cetera) sequentially with other arguments from its
A related mistake in Web programming is for an online
http://www.example.net/cgi-bin/article.sh?name=dogfood.html
If the script has no input checking, instead trusting that the filename is always valid, a
http://www.example.net/cgi-bin/article.sh?name=../../../../../etc/passwd
Depending on the script, this may expose the
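A hardened counterpart to both examples above, added here as illustration and not taken from the article: a bounded read with fgets() in place of gets(), a fixed format string in place of printf(input), and an allow-list check for the article-name parameter before it is joined to a directory. The function names and the 64-character name limit are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bounded read: fgets() writes at most len-1 bytes plus the terminating NUL.
 * Strips the newline; if the line did not fit, the rest is discarded so it
 * cannot be mistaken for the next input. Returns 1 on success, 0 on EOF. */
int read_name(FILE *in, char *buf, size_t len)
{
    if (len == 0 || fgets(buf, (int)len, in) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
    } else {
        int c;
        while ((c = getc(in)) != EOF && c != '\n')
            ;  /* drop the part of the line that did not fit */
    }
    return 1;
}

/* The user-supplied string is an argument to a fixed format string, never the
 * format itself, so "%s" or "%n" inside a name is printed literally. */
int greet(FILE *out, const char *name)
{
    return fprintf(out, "Hello, %s!\n", name);
}

/* CGI case: accept only a bare file name of [A-Za-z0-9._-] containing no ".."
 * and no path separator, before it is joined to the article directory. */
int is_safe_article_name(const char *name)
{
    if (name == NULL || *name == '\0' || strlen(name) > 64 /* assumed limit */
        || strstr(name, "..") != NULL)
        return 0;
    for (const char *p = name; *p != '\0'; p++)
        if (!isalnum((unsigned char)*p) && strchr("._-", *p) == NULL)
            return 0;
    return 1;
}

int main(void)
{
    char name[100];   /* same size as the article's buffer */
    printf("What is your name?\n");
    if (read_name(stdin, name, sizeof name))
        greet(stdout, name);
    return 0;
}
```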