Affected Languages

Unlike many other sins, the sin of trusting name resolution is completely independent of the programming language you use. The problem is that the infrastructure we rely on has design flaws, and if you don't understand the depth of the problem, your application could also have problems.

Instead of looking at the problem in terms of affected languages, look at it in terms of affected types of applications. The basic question to ask is whether your application really needs to know what system is connecting to you, or which system you're connecting to.

If your application uses any type of authentication, especially the weaker forms of authentication, or passes encrypted data across a network, then you will very likely need to have a reliable way to identify the server, and, in some cases, the client.

If your application only accepts anonymous connections, and returns data in the clear, then the only time you need to know who your clients are is in your logging subsystem. Even in that case, it may not be practical to take extra measures to authenticate the client.



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
