Summary

  • Do be strict about what you will accept as a valid filename.

  • Do not blindly accept a filename thinking it represents a valid file, especially on server platforms.

  • Consider storing temporary files in the user's temporary directory, not in a shared location. This has an added benefit of making it easier to run your application in least privilege, because the user has full access to their private directory. However, in many cases, only elevated accounts such as administrator and root can access system temporary directories.
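
The three points above combined in one sketch, as an added example that is not from the book. The allowlist pattern, the function names and the `app-` prefix are assumptions chosen for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed policy: a plain base name plus one short extension, no path parts.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}")
# Windows device names, which are not files even when given an extension.
_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}


def is_acceptable_name(name: str) -> bool:
    """Be strict: accept only names that fully match the allowlist."""
    if not _NAME_RE.fullmatch(name):
        return False
    return name.split(".")[0].upper() not in _DEVICES


def open_regular_file(base_dir: str, name: str):
    """Open base_dir/name only if it turns out to be a regular file."""
    if not is_acceptable_name(name):
        raise ValueError("rejected filename")
    # O_NOFOLLOW refuses a symlink as the final component; O_NONBLOCK keeps
    # the open from hanging on a FIFO. Both are absent on some platforms.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_NONBLOCK", 0)
    fd = os.open(os.path.join(base_dir, name), flags)
    # Inspect the object that was opened, not the path, so the answer
    # cannot change between the check and the use.
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise ValueError("not a regular file")
    return os.fdopen(fd, "rb")


def private_temp_file(suffix: str = ".tmp"):
    """Create a temp file inside a directory only the current user can use."""
    # mkdtemp makes the directory accessible to the creating user only
    # (mode 0700 on POSIX); mkstemp creates the file exclusively, mode 0600.
    workdir = tempfile.mkdtemp(prefix="app-")
    fd, path = tempfile.mkstemp(suffix=suffix, dir=workdir)
    return os.fdopen(fd, "w+b"), path
```

The caller is responsible for deleting the temporary file and its directory when finished.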



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
