Date: Mon, 29 Sep 2003 17:08:53 +0100 From: "Mark Lumsden" <lumsden@myrealbox.com> To: <www@FreeBSD.org> Subject: typo (i think) Message-ID: <JGEBJECMCOCCBIDFAECFMEHDCCAA.lumsden@myrealbox.com>
next in thread | raw e-mail | index | archive | help
Hello, I'm not sure if this is the correct address to send this to or if indeed i've came across a typo, but on page: http://www.freebsd.org/security/security.html under the section 'Secure Programming Guidelines', in the second sentence, theres a part that makes sense but also doesn't quite: "Never trust any source of input, i.e. command line arguments, environment variables, configuration files, incoming TCP/UDP/ICMP packets, hostname lookups, function arguments, etc. If the length of or contents of the -->date<-- received is at all subject to outside control, then the program or function should watch for this when copying it around. Specific security issues to watch for in this are:" Do you think it means data? I'm learning programming at the moment and I suppose if the 'date' was coming from outside then it makes sense, but in the context of the paragraph I think it means more than just date data (if it means date data at all!). Sorry to bother you if I'm wrong and/or this is the wrong address. regards Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?JGEBJECMCOCCBIDFAECFMEHDCCAA.lumsden>