Security and the Developer
What do we mean when we refer to “secure code?” In essence, the ultimate purpose of security is to allow “good” code to execute while denying access to “bad” code. Unfortunately, there are no algorithms that let us differentiate “good” code from “bad.” Suppose, for example, that a request is made to append data to a file. Is this an attempt to inject a virus, or is it merely new output being added to some log file?
No security system can judge the intent behind such an action; even humans sometimes have difficulty discerning the true purpose of a piece of code. Instead, the security system concentrates on evidence about the user or code that it knows is factual or can be validated: usernames validated by passwords, ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.