Chapter 3: Avoiding Common Errors and Traps


Overview

  • Keeping Data Entry Errors Controlled

  • Preventing Buffer Overruns

  • Understanding Access Control Issues

  • Using the Appropriate Privileges

  • Deterring Canonical Representation Issues

Many of the worst security problems are due to human error. When a user leaves a password pasted on a monitor for the world to see, that’s a significant security problem and it’s one that only the user can prevent. (Finding the password later and removing it is hardly a solution to the problem.)

Developers can make security mistakes too. Some of these errors, such as buffer overruns, receive a lot of press. Other errors receive hardly any notice at all. For example, when was the last time you saw a major article on range checking? Yet, this particular error has many serious security implications.

Traps also come in many forms. A developer may need every second allotted to a project to develop the original code. The problem is that no time remains to write code that is less utilitarian, but necessary nonetheless. For example, a lack of error-trapping code can present a number of security problems. Many crackers enter systems based on the idea that the system is going to crash and become unable to prevent the intrusion.

This chapter discusses many of the traps and errors that cause security problems outside the confines of good coding practice. The purpose of this chapter is to help you discover some of the security issues that you cannot address in your code. The goal is to produce code that not only follows all of the technical requirements for good coding practice, but also reduces the number of human error issues.




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
