Overcoming Apparent Communication Errors


A communication error occurs whenever someone tries to send data to your server or receive information from your server and the data doesn’t arrive at all or it becomes damaged in some way. Generally, the server handles communication errors by resending the data behind the scenes or as the result of a user request to refresh the data. However, apparent communication errors are different from the naturally occurring type. In this scenario, a cracker tampers with the data in some way or tries to request a refresh of data that the cracker shouldn’t access at all.

Tampering is the most frequent problem. A cracker could send a script as input to one of the fields of a form. As part of the process of trying to interpret what appears as data, the server ends up running the script. Chapter 3 covered these issues in the “Preventing Data Entry Errors” section. Tampering as a means of creating an apparent communication error is a significant issue because the cracker can gain access to your system.
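The following C# sketch is an added example, not code from the book. It narrows the tampering case above to one situation: a form field whose value is echoed back into an HTML response. It shows the unchecked version beside a version that validates the field against an allow-list and encodes it on output. The class and method names, the field rules and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added illustration; FormFieldGuard, RenderUnsafe and TryRenderSafe are hypothetical names.
public static class FormFieldGuard
{
    // Assumed rule for a display-name field: letters, digits, space, . ' - ; 1 to 40 chars.
    private static readonly Regex DisplayName =
        new Regex(@"\A[\p{L}\p{Nd} .'\-]{1,40}\z", RegexOptions.CultureInvariant);

    // Before: the field value is concatenated into the page as-is, so markup in
    // the value becomes part of the response instead of staying data.
    public static string RenderUnsafe(string field)
    {
        return "<p>Hello, " + field + "</p>";
    }

    // After: reject anything outside the allow-list, then encode on output anyway
    // so a later change to the pattern cannot reintroduce the problem.
    public static bool TryRenderSafe(string field, out string html)
    {
        html = null;
        if (field == null || !DisplayName.IsMatch(field))
            return false;   // treat as tampering: log it and show a clear error message
        html = "<p>Hello, " + WebUtility.HtmlEncode(field) + "</p>";
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs: a valid name, a script-bearing value, an over-long value.
        string[] samples = { "Ann O'Neil", "<script>alert(1)</script>", new string('a', 41) };
        foreach (string s in samples)
        {
            string html;
            bool ok = TryRenderSafe(s, out html);
            string shown = s.Length > 30 ? s.Substring(0, 27) + "..." : s;
            Console.WriteLine("{0,-30} -> {1}", shown, ok ? html : "rejected");
        }
    }
}
```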

Most developers think that a data transfer error is the only communication problem they’ll ever have. However, developers need to broaden their definition of communication. Some sites actually end up causing security problems by communicating poorly with the user. For example, when a developer asks for information from the user, the request needs to have these characteristics:

  • Clearly stated so the user understands what you mean.

  • Grammatically correct so the user doesn’t stumble over the text.

  • All words spelled correctly so the user understands specific terms.

  • Short, so the developer doesn’t stretch the user’s attention span to the limit.

Communication in all its forms is a secure computing requirement. All types of data transfer must take place without error or you’re going to have more security problems than you expect. Look for user problems in addition to the usual data transfer problems.




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
