December 2006
Beginner to intermediate
560 pages
16h 2m
English
IF I HAD a nickel each time somebody asked for a feature that was a security hole ...
I’d have a lot of nickels.
We begin this chapter by looking at features that are actually security holes and then move on to other security-related matters.
“I WANT A file that all users can write to. My program will use it as a common database of goodies.”
This is a security hole. For a start, there’s an obvious denial-of-service attack by having a user open the file in exclusive mode and never letting go. There’s also a data-tampering attack, where the user opens the file and writes zeros all over it or merely alters the data in subtle ways. Your music index suddenly lost all its Britney Spears songs. (Then ...
Read now
Unlock full access