Don't Embed Corporate Names

I know you've done this; I certainly have. You've written a small code stub to exercise some functionality prior to adding it to the production code. And as you tested it, you needed to make sure it worked with real servers, so you hard-coded an internal server name and connected to it by using a hard-coded account name and potentially a hard-coded password. Anything like this that survives into a shipping binary is trivially recovered with a strings dump, and it tells an attacker which internal hosts exist and which account logs on to them. If you allow this kind of code at all, you should at least wrap it in an #ifdef controlled by a predefined symbol:

    #ifdef INTERNAL_USE_ONLY
    #  ifndef _DEBUG
    #    error "Cannot build internal and non-debug code"
    #  endif // _DEBUG
    // experimental code here
    #endif // INTERNAL_USE_ONLY

NOTE
This code goes a little further than a plain #ifdef. The #error directive makes the build fail outright if someone compiles for non-debug (a release build) while INTERNAL_USE_ONLY is still defined, so the experimental code cannot ship by accident. Note what the guard does not do: it protects only the code between the #ifdef and the #endif, and it relies on your build configuration never defining INTERNAL_USE_ONLY for release builds. Hard-coded names that are pasted outside the guarded block are still compiled in, which is why the source scan described next is the second half of the defense.

You should also consider scanning all source code for certain words that relate to your company, including the following:

  • Common server names (DNS [Domain Name System] and NetBIOS names)

  • Internally well-known e-mail names (such as the CEO)

  • Domain accounts, such as EXAIR\account and account@explorationair.com.
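The following program is an added example, not code from the book, that combines the two checks above: it scans C source for company-identifying strings (the DNS domain, the NetBIOS domain prefix, a server name and a well-known mailbox) and reports every occurrence that is not enclosed in an #ifdef INTERNAL_USE_ONLY ... #endif block. The server name EXAIR-SQL01, the mailbox ceo@, the sample source and the 512-character line limit are assumptions made for this example; the tracking of #else and #elif branches is deliberately simplified, as the comments note.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Strings that identify the (fictional) Exploration Air company. The
   server name and the CEO mailbox are assumptions made for this example. */
static const char *const kCorporateTokens[] = {
    "explorationair.com", /* DNS domain */
    "EXAIR\\",            /* NetBIOS domain prefix, as in EXAIR\account */
    "EXAIR-SQL01",        /* assumed internal server name */
    "ceo@",               /* assumed well-known mailbox */
};
#define NUM_TOKENS (sizeof kCorporateTokens / sizeof kCorporateTokens[0])

typedef struct {
    int line;          /* 1-based line number of the hit */
    const char *token; /* which token matched */
} Hit;

/* Case-insensitive substring test: DNS and NetBIOS names are not case-sensitive. */
static int contains_nocase(const char *hay, const char *needle)
{
    size_t n = strlen(needle), i;
    for (; *hay; hay++) {
        for (i = 0; i < n && hay[i] &&
             tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++)
            ;
        if (i == n)
            return 1;
    }
    return 0;
}

/* If `line` is a preprocessor directive, copy its name (if, ifdef, endif, ...)
   into `name` and return a pointer to the text after it; otherwise return NULL. */
static const char *directive(const char *line, char *name, size_t namelen)
{
    size_t i = 0;
    while (isspace((unsigned char)*line)) line++;
    if (*line != '#') return NULL;
    line++;
    while (isspace((unsigned char)*line)) line++;
    for (; i + 1 < namelen && isalpha((unsigned char)line[i]); i++)
        name[i] = line[i];
    name[i] = '\0';
    return line + i;
}

/* Scan a NUL-terminated source buffer. Non-directive lines inside an
   #ifdef INTERNAL_USE_ONLY ... #endif block are accepted; every other line
   containing a corporate token is recorded in `hits` (up to `max_hits`).
   Returns the total number of unguarded hits. Simplification: #else/#elif
   branches are treated as part of the block that opened them. */
int scan_source(const char *source, Hit *hits, int max_hits)
{
    int lineno = 0, found = 0;
    int depth = 0;       /* nesting depth of #if/#ifdef/#ifndef blocks */
    int guard_depth = 0; /* depth of the open INTERNAL_USE_ONLY block, 0 = none */
    const char *p = source;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t full = eol ? (size_t)(eol - p) : strlen(p);
        size_t len = full < 511 ? full : 511; /* assumed line limit */
        char line[512], name[16];
        const char *args;

        memcpy(line, p, len);
        line[len] = '\0';
        lineno++;

        args = directive(line, name, sizeof name);
        if (args) {
            if (!strcmp(name, "if") || !strcmp(name, "ifdef") || !strcmp(name, "ifndef")) {
                depth++;
                /* #ifndef INTERNAL_USE_ONLY opens the *external* branch, so it never guards. */
                if (guard_depth == 0 && strcmp(name, "ifndef") && strstr(args, "INTERNAL_USE_ONLY"))
                    guard_depth = depth;
            } else if (!strcmp(name, "endif")) {
                if (depth == guard_depth)
                    guard_depth = 0;
                if (depth > 0)
                    depth--;
            }
        } else if (guard_depth == 0) {
            size_t t;
            for (t = 0; t < NUM_TOKENS; t++) {
                if (contains_nocase(line, kCorporateTokens[t])) {
                    if (found < max_hits) {
                        hits[found].line = lineno;
                        hits[found].token = kCorporateTokens[t];
                    }
                    found++;
                    break; /* one report per line is enough */
                }
            }
        }
        p = eol ? eol + 1 : p + full;
    }
    return found;
}

/* Constructed sample source (not from any real project): lines 2 and 9 leak
   corporate names, line 7 is inside the guarded block and is accepted. */
static const char kSample[] =
    "#include <stdio.h>\n"
    "static const char *g_server = \"exair-sql01.explorationair.com\";\n"
    "#ifdef INTERNAL_USE_ONLY\n"
    "# ifndef _DEBUG\n"
    "# error \"Cannot build internal and non-debug code\"\n"
    "# endif\n"
    "static const char *g_test_user = \"EXAIR\\\\tester\";\n"
    "#endif\n"
    "static const char *g_mail = \"ceo@explorationair.com\";\n";

int main(void)
{
    Hit hits[16];
    int i, n = scan_source(kSample, hits, 16);
    for (i = 0; i < n && i < 16; i++)
        printf("line %d: unguarded corporate reference (%s)\n", hits[i].line, hits[i].token);
    return n ? 1 : 0; /* non-zero exit fails a check-in or build step */
}
```

Run against the sample it reports lines 2 and 9 and exits non-zero, which is the behaviour you want from a pre-commit or build step; the guarded test account on line 7 passes. The token list is the part to maintain: keep it in one place, populated from your real DNS and NetBIOS names and well-known mailboxes, and treat any hit outside a guarded block as a build failure rather than a warning.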



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286
