Friday, May 4, 2007

The "No Faith" approach to security

I don't know whether this is a known method or not, but I have found this approach good enough, especially for a person like me who has no way of knowing everything that goes in and out of an application (or any application). The "No Faith" approach assumes that whatever class you are coding will have some malicious code executing it. You can say that you need to check, every time, whether the methods called on you are being called by the correct users, with the correct privileges, and whether they have passed the correct parameters. It is also important to see, whether you are using an API or your own code, what assumptions are made in the class that you are calling. For example, when you are writing C code, the function may be expecting a character array of a particular length and you may be supplying a longer array, or one that is not null-terminated. Or when you write a Java EE app, you may not be explicitly checking whether the user calling the function has the correct rights. Or you may be allocating a resource or using a name that is already used by somebody else, or is prone to being used by another program.

So the best idea is not to have any assumptions about how things might work. A good example came up when we were coding alumni. There we check the user's privileges when someone deletes his own message. First it is checked on the page itself, so you don't get the option. If you can somehow access that page (God knows how you can do that!!) and you somehow execute that call on the JSP anyway (again I wonder how), there is another check against the session itself that is difficult to get past (I can't think of any way that anybody can).
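What that second check looks like in code, as an added example that is not the alumni app's own code: the delete method reads the caller's identity from the server-side session and compares it with the message owner, assuming nothing about whether the page hid the link or the JSP was reached normally. The `Session` and message store are stand-ins constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration of the "No Faith" delete path: the layer doing the work
// re-checks ownership itself instead of trusting the page that called it.
public class NoFaithDelete {
    static final class Message {
        final int id; final String ownerId;
        Message(int id, String ownerId) { this.id = id; this.ownerId = ownerId; }
    }

    // Stand-in for HttpSession: the only thing read from it is who logged in.
    static final class Session {
        private final String userId;
        Session(String userId) { this.userId = userId; }
        String authenticatedUserId() { return userId; }
    }

    // Constructed message store standing in for the database.
    private final Map<Integer, Message> messages = new HashMap<>();

    NoFaithDelete() {
        messages.put(1, new Message(1, "alice"));
        messages.put(2, new Message(2, "bob"));
    }

    // Called from the JSP. The message id arrives from the request and may be
    // forged, so ownership is decided here from the session, not from the page.
    boolean deleteOwnMessage(Session session, int messageId) {
        String caller = session == null ? null : session.authenticatedUserId();
        if (caller == null) {
            return false;                 // nobody is logged in: nothing to trust
        }
        Message m = messages.get(messageId);
        if (m == null || !m.ownerId.equals(caller)) {
            return false;                 // missing, or not the caller's message
        }
        messages.remove(messageId);
        return true;
    }

    public static void main(String[] args) {
        NoFaithDelete svc = new NoFaithDelete();
        Session alice = new Session("alice");
        System.out.println(svc.deleteOwnMessage(alice, 2));   // bob's message
        System.out.println(svc.deleteOwnMessage(alice, 1));   // alice's own message
        System.out.println(svc.deleteOwnMessage(null, 1));    // no session at all
    }
}
```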

The basic idea is: don't trust the layers above you; they may already have been compromised themselves, so keep your own check.

I call it the "No Faith" approach to security; you may call it whatever you like.
