Slashdot Mirror


Secure Programmer: Keep an Eye on Inputs

An anonymous reader writes "This article discusses various ways data gets into your program, emphasizing how to deal appropriately with them; you might not even know about them all! It first discusses how to design your program to limit the ways data can get into your program, and how your design influences what is an input. It then discusses various input channels and what to do about them, including environment variables, files, file descriptors, the command line, the graphical user interface (GUI), network data, and miscellaneous inputs."

1 of 157 comments

  1. Re:The more things change.... by Cragen · Score: 0, Flamebait
    Yes, CS100 taught us much about the proper way of doing things, [rant] unless, of course, you went to my school, where the CS200 and CS300 projects used none of the code from the required books, none of the ideas of encapsulation or code re-use, & little of the algorithms actually introduced by the books. You see, all the projects were written by TAs (a group of grad students whose level of TEACHING ability ran from excellent to atrocious), and very little of the code in the project or the student submission was actually viewed by the professor. The phrase "mailing it in" would have been too good for the bums "teaching" our CS courses. We pretty much had to teach ourselves the essence of CS, hoping to someday get to the level of prof. that actually "taught" a course. [/end rant]. Nobody said this was easy stuff. Happy New Year to all.

    *cragen