Redemption Steps

For straightforward information leakage, the best starting remedy is to determine who should have access to what, and to write it down as a policy your application designers and developers must follow. Who needs access to the error data? Is it end users or admins? If the user is local on the machine, what sort of error information should you give that user, and what should be given to the admin? What information should be logged? Where should it be logged? How is that log protected?

Of course, you should protect sensitive data using appropriate defensive mechanisms, such as access control: ACLs in Windows and Apple Mac OS X 10.4 Tiger, or *nix file permissions.

Other defensive techniques are encryption (with appropriate key management, of course) and digital rights management (DRM). DRM is beyond the scope of this book, but in short, users can define exactly who can open, read, modify, and redistribute content, such as e-mail and documents. Organizations can create rights policy templates that enforce policies you can apply to the content. Of course, you should always go in with the expectation that someone with enough drive will be able to circumvent DRM measures, while knowing that few people in practice will do so.

With timing attacks, the secret data you will generally be protecting will be cryptographic keys. If you are worried about this threat, stick with implementations that are hardened against timing attacks. Also, this is yet another reason not to build your own cryptographic systems!
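The kind of hardening meant here, shown as an added example rather than code from the book: a comparison of secret bytes (an HMAC tag, a session token, an API key) that does not exit at the first mismatch, because an early exit makes the rejection time depend on how much of the secret the caller got right. The key, message and tags below are constructed for the demo; the class and method names are this example's own.

```csharp
// Added example, not from the book. Key, message and tags are constructed for the demo.
using System;
using System.Security.Cryptography;
using System.Text;

public static class SecretCompare
{
    // Sinful: returns at the first mismatching byte, so a supplied value sharing a longer
    // prefix with the secret takes measurably longer to reject.
    public static bool LeakyEquals(byte[] expected, byte[] supplied)
    {
        if (expected.Length != supplied.Length) return false;
        for (int i = 0; i < expected.Length; i++)
        {
            if (expected[i] != supplied[i]) return false;
        }
        return true;
    }

    // Redemption: visit every byte no matter where the first difference is, fold all
    // differences into one accumulator, and test it once at the end. Tag and token lengths
    // are public, so a length mismatch is folded in rather than branched on.
    public static bool FixedTimeEquals(byte[] expected, byte[] supplied)
    {
        int diff = expected.Length ^ supplied.Length;
        int n = Math.Min(expected.Length, supplied.Length);
        for (int i = 0; i < n; i++)
        {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    // Verify a caller-supplied HMAC-SHA256 tag over a message under a shared key.
    public static bool VerifyTag(byte[] key, byte[] message, byte[] suppliedTag)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expectedTag = hmac.ComputeHash(message);
            return FixedTimeEquals(expectedTag, suppliedTag);
        }
    }

    public static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);   // constructed key
        byte[] message = Encoding.UTF8.GetBytes("amount=100&to=alice");       // constructed message

        byte[] goodTag;
        using (var hmac = new HMACSHA256(key)) goodTag = hmac.ComputeHash(message);

        byte[] badTag = (byte[])goodTag.Clone();
        badTag[badTag.Length - 1] ^= 0x01;   // differs from the real tag only in its last byte

        Console.WriteLine("good tag accepted:     " + VerifyTag(key, message, goodTag));
        Console.WriteLine("tampered tag accepted: " + VerifyTag(key, message, badTag));
        Console.WriteLine("short tag accepted:    " + VerifyTag(key, message, new byte[8]));
    }
}
```

Where the platform offers one, prefer the framework's own routine (on .NET Core 2.1 and later, `CryptographicOperations.FixedTimeEquals`) over a hand-written loop: a compiler or JIT is free to reintroduce a data-dependent shortcut into code like `FixedTimeEquals` above, which is the same reason the text gives for not building your own cryptographic systems.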

C# (and Other Languages) Redemption

This code example is a snippet from the sinful C# above, but the same concept could apply to any programming language. Note the error messages are disclosed only if the user is a Windows administrator. Also, it is assumed this code is using declarative permission requests so the event log code will always work, rather than throwing a SecurityException if the permission has not been granted.

```csharp
// Assumes the usual ASP.NET namespaces: System.Data.SqlClient, System.Security.Principal
// and System.Diagnostics (the original snippet omits the using directives).
try {
    // SQL database access code snipped
} catch (SqlException se) {
    Status = sqlstring + " failed\r\n";
    foreach (SqlError e in se.Errors)
        Status += e.Message + "\r\n";
    // Establish who the caller is before deciding how much to tell them
    WindowsIdentity user = WindowsIdentity.GetCurrent();
    WindowsPrincipal prin = new WindowsPrincipal(user);
    if (prin.IsInRole(WindowsBuiltInRole.Administrator)) {
        // Administrators get the full detail
        Response.Write("Error" + Status);
    } else {
        // Everyone else gets a generic message; the detail goes to the protected log
        Response.Write("An error occurred, please bug your admin");
        // Write data to the Windows Application Event log
        EventLog.WriteEntry("SQLApp", Status, EventLogEntryType.Error);
    }
}
```

Note that for some applications, privileged or highly trusted users may be application-defined, in which case you would use the application's or run-time environment's access control mechanisms instead of the Windows Administrators group.
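The same split between what the caller sees and what the protected log records, driven by an application-defined role rather than the Windows Administrators group, as an added example that is not the book's code. It uses the framework's `GenericPrincipal`/`GenericIdentity` so it runs anywhere .NET does; the role name `AppSupport`, the exception chain and the identities are constructed for the demo, and the `ErrorReport`/`ErrorDisclosure` names are this example's own. The log sink (event log, syslog, SIEM) is assumed to exist outside the snippet.

```csharp
// Added example, not from the book. Role name, exception and identities are constructed.
using System;
using System.Security.Principal;
using System.Text;

public sealed class ErrorReport
{
    public string UserMessage { get; set; }   // sent back to the caller
    public string LogEntry { get; set; }      // written to the protected log, never to the caller
}

public static class ErrorDisclosure
{
    // Hypothetical application-defined role that is allowed to see error detail.
    public const string SupportRole = "AppSupport";

    public static ErrorReport Build(Exception ex, IPrincipal caller)
    {
        // A short reference the user can quote lets the admin find the matching log entry
        // without the detail itself ever having been sent to the user.
        string reference = Guid.NewGuid().ToString("N").Substring(0, 8);

        var detail = new StringBuilder();
        detail.Append("ref=").Append(reference);
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            detail.Append("; ").Append(e.GetType().Name).Append(": ").Append(e.Message);
        }

        // Only an authenticated caller holding the support role sees the detail.
        bool trusted = caller != null
            && caller.Identity != null
            && caller.Identity.IsAuthenticated
            && caller.IsInRole(SupportRole);

        return new ErrorReport
        {
            LogEntry = detail.ToString(),
            UserMessage = trusted
                ? "Error " + detail
                : "An error occurred. Please contact your administrator and quote reference " + reference + "."
        };
    }

    public static void Main()
    {
        // Constructed failure with an inner cause, as a database layer might raise it.
        Exception failure;
        try
        {
            try { throw new InvalidOperationException("connection to db01 refused"); }
            catch (Exception inner) { throw new ApplicationException("order lookup failed", inner); }
        }
        catch (Exception ex) { failure = ex; }

        IPrincipal support = new GenericPrincipal(new GenericIdentity("carol"), new[] { SupportRole });
        IPrincipal customer = new GenericPrincipal(new GenericIdentity("dave"), new[] { "Customer" });
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        foreach (IPrincipal who in new[] { support, customer, anonymous })
        {
            ErrorReport r = Build(failure, who);
            Console.WriteLine("caller='" + who.Identity.Name + "' -> " + r.UserMessage);
            Console.WriteLine("    log: " + r.LogEntry);
        }
    }
}
```

The reference string is the piece practitioners usually miss: without it, support staff end up asking users for the detail that the policy was written to keep away from them.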

Network Locality Redemption

You may decide that for some applications you'll display error information only if the user is local. You can do this by simply looking at the IP address that you're going to be sending data to. If it's not 127.0.0.1 or the IPv6 equivalent (::1), don't send the data. Even if the remote address is the public IP of the current machine, sending it to that address will generally broadcast the data to the local network.
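The locality check described above, as an added example that is not the book's code. Only loopback counts as local: the whole 127.0.0.0/8 block, ::1, and the IPv4-mapped form (::ffff:127.0.0.1) that dual-stack sockets report for IPv4 peers. The machine's own public address deliberately does not count, for the reason the text gives. The `NetworkLocality` class and its method names are this example's own; the peer addresses are constructed (203.0.113.0/24 is a documentation range), and the web framework's address string is assumed to come from something like `Request.UserHostAddress` in ASP.NET.

```csharp
// Added example, not from the book. Peer addresses below are constructed.
using System;
using System.Net;
using System.Net.Sockets;

public static class NetworkLocality
{
    public static bool IsLoopbackPeer(IPAddress remote)
    {
        if (remote == null) return false;

        if (remote.AddressFamily == AddressFamily.InterNetworkV6)
        {
            // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unmap before testing.
            if (remote.IsIPv4MappedToIPv6)
                remote = remote.MapToIPv4();
            else
                return remote.Equals(IPAddress.IPv6Loopback);   // ::1
        }

        if (remote.AddressFamily != AddressFamily.InterNetwork) return false;
        return remote.GetAddressBytes()[0] == 127;   // all of 127.0.0.0/8 is loopback
    }

    // Takes the address string a web framework hands you and fails closed:
    // anything that does not parse is treated as remote.
    public static bool IsLoopbackPeer(string remoteAddress)
    {
        IPAddress parsed;
        return IPAddress.TryParse(remoteAddress, out parsed) && IsLoopbackPeer(parsed);
    }

    public static string ChooseMessage(string remoteAddress, string detail)
    {
        return IsLoopbackPeer(remoteAddress)
            ? "Error: " + detail
            : "An error occurred, please contact your administrator.";
    }

    public static void Main()
    {
        string[] peers =
        {
            "127.0.0.1", "127.8.8.8", "::1", "::ffff:127.0.0.1",                        // local
            "203.0.113.7", "::ffff:203.0.113.7", "0.0.0.0", "fe80::1", "not-an-address" // remote
        };
        foreach (string p in peers)
        {
            Console.WriteLine(p.PadRight(20) + (IsLoopbackPeer(p) ? "local" : "remote"));
        }
    }
}
```

Two caveats for deployment: base the decision on the socket's peer address, never on a client-supplied header such as X-Forwarded-For, since the caller chooses that value; and if a reverse proxy sits in front of the application, every request arrives from the proxy's address and is correctly classified as remote, so the detail simply stays in the log.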

19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Year: 2003
Pages: 239