David A. Wheeler's Blog

Thu, 23 Dec 2004

New “Secure Programmer” Article on Calling Components Safely

The latest article in my “Secure Programmer” series is now available! The series, published on developerWorks, covers secure development for Linux/Unix.

Article #7 is “Secure programmer: Call Components Safely”. The posted date is 16 December 2004, but it’s only been available since around 23 December 2004.

Here’s the abstract:

Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.
