One of the fundamental tenets of writing secure applications is to control your inputs - many of the classic exploits against web servers and networked applications rely on the way unexpected inputs are mishandled.

The IBM developerWorks site has an interesting article about how to protect your applications.

While it is somewhat Linux-centric, the article is still highly relevant to Windows developers, as well as those on other platforms.

One danger area it doesn’t seem to mention is that of inserting input data directly into strings - especially relevant for SQL generation.
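The string-insertion danger described above, shown as an added example that is not part of the original post or the IBM article: the same lookup written once by concatenating input into the SQL text and once with a bound parameter. The `users` table, its rows, the function names and the sample inputs are all constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("O'Brien", "obrien@example.com"),
         ("carol", "carol@example.com")],
    )
    return db

def find_by_name_concat(db, name):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_name_param(db, name):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]

def demo():
    """Run both lookups against a legitimate and a crafted (constructed) input."""
    db = make_db()
    results = {}
    # A legitimate name containing a quote breaks the concatenated query.
    try:
        find_by_name_concat(db, "O'Brien")
        results["concat_legit"] = "ok"
    except sqlite3.OperationalError:
        results["concat_legit"] = "error"
    results["param_legit"] = find_by_name_param(db, "O'Brien")
    # Constructed input: its quote closes the literal and rewrites the WHERE clause.
    crafted = "x' OR '1'='1"
    results["concat_crafted"] = find_by_name_concat(db, crafted)
    results["param_crafted"] = find_by_name_param(db, crafted)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With concatenation, the quote in the input decides where the string literal ends, so a harmless surname raises a syntax error and the crafted value matches every row; with a bound parameter both inputs are compared as plain data.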
