21 Sep 2004 iddekingej   » (Observer)

kayaking

Not many people ever heard of canoe polo (for example here).
We allways have canoe polo training a monday's night, normaly after 7 O'Clock. In the summer we train outside in a small lake. In the winter we do train in a swimming pool. Until now we could train outside, but in a few weeks that is impossible because then it is getting dark at 6 O'clock. The canoe club does many other thinks like whitewater and flat water touring. Since few months I'am the web master of the club. Currently I'am redesigning the site. I think I make a CMS system for it (I can use an existing one but it is just more fun to make your own).(Btw it is not the new zealand site I gave before. It is a dutch site actually)

Secure programming part I

I'am not a software safety expert but there are some few things I can say about it.

First, it is inportant that there are about 4 different kind of safety bugs in software:
1) User/Admin errors
2) Bugs
3) Wrong protocols
4) A mixture of 2 and 3.

Second there a some things you can do avoiding security bugs:

1) Look at the kind of softare your are going to build:
Every type of software has his own rules how to build safe software

2) Look at every bit of the software where security bugs can appear.

For example when a buffer is used, ask your self are there any buffer overflows.
3) Wich data the program is used is untrusted? How can I make this data trusted when I need it.

4) How can I use mine toolset save? What kind of errors I can make.

5) Build your program in such way that it is easy to check where security bugs are(TODO: how).


That are a few things what came on mine mind when I though about how to make a secure software. Hmm need to search Internet if other had wrote about this... I think there is much more, but I have used mine brain to much today so i'am stopping....

g'night

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!