As many of you know, Im still tinkering with programming, and while I work on learning some proficiency, some concepts that I commonly think about in data security crop up while I tackle these things, and I dislike it when there are no clear answers for me. An example: While the convenience of being able to employ system PATH environmentals when writing code is really nice for programers (because it allows for sooo much more flexibility). It sure has its downside too. I know of so many examples of exploits that have been discovered that abuses this premise and allows counterfeit or modified dll usage, that in turn results in user account privilege escalations and nefarious unauthorized behind the scene computer activity. While in some cases fully qualified paths are just as easy to employ by programers sometimes they are not. But even then most of the time coders are just used to using PATH environmentals and so they will continue to do so even when the finalized code could have been just as reliably executed using full paths as well. So what should security conscious coder do? There is no easy answers coming to my mind... Thoughts anyone?
Posted on: Sun, 30 Mar 2014 14:51:53 +0000
Trending Topics
Recently Viewed Topics
© 2015