Secure Programming for Linux and Unix HOWTO
Chapter 9. Send Information Back Judiciously
Do not answer a fool according to his folly, or you will be like him yourself.
Proverbs 26:4 (NIV)
Table of Contents
9.1. Minimize Feedback
9.2. Don't Include Comments
9.3. Handle Full/Unresponsive Output
9.4. Control Data Formatting (Format Strings/Formatation)
9.5. Control Character Encoding in Output
9.6. Prevent Include/Configuration File Access
Copyright © 2010-2024
Platon Technologies, s.r.o.