IBM Computer, Laptops and Servers
Back Homepage Content Directory Resource Guide Blog
Laptop | Servers | Computers | Notebook | Computer | Business Integration | Server | Mainframes | Cheap Laptop | Laptop Batteries

5 Security Considerations When Coding

By: Bryce Whitty

Laptop Battery
1. Input Checking

GuitarTrader.com wants you to feel confident and comfortable that your purchase is transacted with the utmost security. We employ the Internet's strongest security technologies, including Secure Sockets Layer (SSL). The transactions are protected by the highest levels of encryption available to ensure security and privacy. The information is encrypted on your computer, sent through the Internet as jumbled code, and decoded on GuitarTrader.com's secure server. It cannot be read in transit.

Thinkpad
Always check user input to be sure that it is what you expected. Make sure it doesn't contain characters or other data which may be treated in a special way by your program or any programs called by your program.
This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.

If you want your server to continue running after a system reboot, you should add a call to httpd or apachectl to your system startup files (typically rc.local or a file in an rc.N directory). This will start Apache as root. Before doing this ensure that your server is properly configured for security and access restrictions. The apachectl script is designed so that it can often be linked directly as an init script, but be sure to check the exact requirements of your system.

Microsoft
2.Range Checking

Do you guarantee credit card security bit SSL encrypted session protects your personal information as it travels between your computer and our server. We go one step further by requesting the buyer to enter a Credit Security Code, the 3 or 4 digit number located on the back of most cards. The Credit Security Code does not appear on credit statements or receipts, so it assures us that the card being used is truly in possession of the buyer. Additionally, credit card details (such as credit card number, Credit Security Code and expiry date) are not stored on our server once the transaction is complete.

Laptop Computers
Always check the ranges when copying data, allocating memory or performing any operation which could potentially overflow. Some programming languages provide range-checked container access (such as the std::vector::at() in C++, but many programmers insist on using the unchecked array index [] notation. In addition, the use of functions such as strcpy() should be avoided in preference to strncpy(), which allows you to specify the maximum number of characters to copy. Similar versions of functions such as snprintf() as opposed to sprintf() and fgets() instead of gets() provide equivalent length-of-buffer specification. The use of such functions throughout your code should prevent buffer overflows. Even if your character string originates within the program, and you think you can get away with strcpy() because you know the length of the string, that doesn't mean to say that you, or someone else, won't change things in the future and allow the string to be specified in a configuration file, on the command-line, or from direct user input. Getting into the habit of range-checking everything should prevent a large number of security vulnerabilities in your software.

With Laplink Gold 12, based, remote, or mobile employees or volunteers can remotely access complete workstation or server resources from their home or laptop computers. based email, files, databases and applications can be at their fingertips, no matter where the user is or where their data is located. They can also synchronize folders, launch applications, and even reboot a PC or server from any remote location. And Laplink Gold 12 is compatible with any existing firewall and router configurations, providing unparalleled security and simplicity.

Laptop Computer
3.Principle Of Least Privileges

Description Have a friend with a laptop Do they always complain about the heat Cool them down with HandStands' Cool Lift. Designed to help promote air flow and reduce heat, the Cool Lift is perfect for notebook computers with the latest hot processors from Intel, AMD, Motorola, or IBM. Proof Shields for Laptops help prevent scratches from normal laptop use. Proof Shield. It even completely disappears when applied!

Desktop Computer
This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it doesn't need, and use the higher privileges for only those operations which require them. An example of this is the Postfix mailserver, which has a modular design allowing parts which require root privileges to be run distinctly from parts which do not. This form of privilege separation reduces the number of attack paths which lead to root privileges, and increases the security of the entire system because those few paths that remain can be analysed critically for security problems.

Notebooks
4.Don't Race

Lenovo
A race condition is a situation where a program performs an operation in several steps, and an attacker has the chance to catch it between steps and alter the system state. An example would be a program which checks file permissions, then opens the file. Between the permission check the stat() call and the file open the fopen() call an attacker could change the file being opened by renaming another file to the original files name. In order to prevent this, fopen() the file first, and then use fstat(), which takes a file descriptor instead of a filename. Since a file descriptor always points to the file that was opened with fopen(), even if the filename is subsequently changed, the fstat() call will be guaranteed to be checking the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.

Hard Drive
5.Register Error Handlers

Travelstar
Many languages support the concept of a function which can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe point in the code, instead of blindly progressing in the hope that the user input won't crash the program, or worse!

Gateway
About The Author:

Laptop Parts
Bryce Whitty owns and runs computer repairwebsite called Technibble.com. A website that provides technical how-to's for repairing your computer. Technibble also has many guides for getting into the computer business or managing your existing one. We also cover other side topics such as Security and Software.

Software

[ Comment, Edit or Article Submission ]

Share this:

Add To Yahoo MyWeb Add To Google Bookmarks Add To Furl Fav This With Technorati Add To Newsvine Add To Bloglines Add To Ask Add To Windows Live Add To Slashdot Stumble This Digg This Add To Del.icio.us Add To Reddit

More about:

Sep October 2008 Nov
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
IBM Computer, Laptops and Servers Blog on Technorati Related Blog of IBM Computer, Laptops and Servers on Sphere

New Posts on Blog RSS Blog New Posts Feed Atom Blog New Posts Feed

References:
Content Directory
Resource Guide


PC World Business Hardwares Softwares and Services

Website Links
digital cameras | desktops | cognos | hosting | netfinity | internet | cheap computer | digital camera | printer | xseries | maxtor | doEvaTr742167481ckPgS
IBM Computer, Laptops and Servers Copyright © 2008 www.ibmfans.com. All rights reserved. Site Map
Homepage | Blog | Advertise | Privacy Policy | Disclaimer | Contact Us | Links