Secure programming

From Lazarus wiki
Revision as of 10:46, 19 February 2005 by Ik 5 (talk | contribs) (→‎General Info)

General Info

When developing a program, it will most likely interact with the user in some way, even if that only means reading files from the system and reporting the data.

Usually at school and at university, when a person starts to write programs, they learn how to receive input, and teachers usually tell them to “assume that the data you receive is valid”. That is when the problems begin.

From the moment a program receives input, we cannot trust any input whose origin we do not control.

Reading from a file is untrusted input, and so is reading user input or accepting input from a network, for example.

Why can I not trust input?

In order to understand why input is dangerous, we first need to understand what input is.

Input can come from a keystroke, a mouse movement or mouse button click, or from reading and accepting information in many other ways, such as from a data stream.

It does not matter what type of input it is, because the user can give us wrong input, whether intentionally or by mistake. You cannot control this input; one reason is that you cannot guess what input the user will give.

The result could be empty “data” from the user, an out-of-range number, a different number of characters than we expected, or even an attempt to change the address of the variable that accepts the user's input. We simply cannot know what the user is going to do to us.

Any “unsafe” handling of user input can allow the user to retrieve vital information that they must not and otherwise could not obtain, to modify data that they could not change any other way, or even to break the program itself.
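As an added example that is not part of this wiki page, here is a small Free Pascal program that checks a line of user input for each of the failure modes named above (empty data, too many characters, not a number, out of range) before it is used; the type, limits and messages are my own choices, not a Lazarus API.

```pascal
program ValidateInput;
{$mode objfpc}{$H+}
uses SysUtils;

type
  // Every way the input can be bad gets its own result, so the caller
  // never has to guess why a value was rejected.
  TInputCheck = (icOk, icEmpty, icTooLong, icNotNumber, icOutOfRange);

const
  MaxLen = 6;     // longest text we are prepared to look at (assumed limit)
  MinAge = 0;     // assumed valid range for the example
  MaxAge = 150;

// Validate a line of text that is supposed to hold an age.
// Age is only meaningful when the result is icOk.
function CheckAge(const S: string; out Age: Integer): TInputCheck;
var
  T: string;
begin
  Age := 0;
  T := Trim(S);
  if T = '' then Exit(icEmpty);               // empty "data"
  if Length(T) > MaxLen then Exit(icTooLong); // more characters than expected
  // TryStrToInt never raises an exception; it just reports failure
  if not TryStrToInt(T, Age) then Exit(icNotNumber);
  if (Age < MinAge) or (Age > MaxAge) then Exit(icOutOfRange);
  Result := icOk;
end;

var
  Line: string;
  Age: Integer;
begin
  Write('Enter age: ');
  // With {$H+} Line is an AnsiString, so ReadLn grows it as needed
  // instead of writing past the end of a fixed-size buffer.
  ReadLn(Line);
  case CheckAge(Line, Age) of
    icOk:         WriteLn('Accepted: ', Age);
    icEmpty:      WriteLn('No input given');
    icTooLong:    WriteLn('Input too long');
    icNotNumber:  WriteLn('Not a number');
    icOutOfRange: WriteLn('Age must be between ', MinAge, ' and ', MaxAge);
  end;
end.
```

The point is that the program decides what it accepts, rather than assuming the data it receives is valid.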

What type of problems can we expect?