Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CYB2200 - LAB1
slides
| Question | Answer |
|---|---|
| many software, programs, applications need to | interact with people |
| what are some formats of input | keyboard, mouse click, track pad, touchscreen, reading from files, receiving data from network ... |
| consider if your program takes user input... consider adversary thinking | what could someone deliberately do to compromise your program |
| consider if your program takes user input ... consider that people make mistakes | what could someone unintentionally do to compromise your program |
| what are some defensive programming | input validation, type checking |
| what can be the source of vulnerability | any program input (user input from keyboard, a file, a network connection) |
| what should all input be treated as | potentially dangerous |
| input validation | the process of checking whether user input conforms to what the program is expecting |
| what is the coders/code responsibility | check your input, use appropriate tools and functions to get input, recover appropriately |
| to check your input what should you check | type, range, length, format |
| input type | input data should be of the right data type |
| input range | within a range of possible values (the values make sense) |
| input length | too long or too short |
| input format | specific format? date, phone number, SSN |
| what is a way to use appropriate tools and functions to get input | use safer functions to get input . ex never use gets() use fgets() or getchar() instead |
| never use what input function | gets |
| gets() | char* gets(char* str); |
| gets() function | reads characters from stdin and stores them in str until a newline character or end of file is found |
| why is gets() dangerous for input | it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer it is extremely dangerous to use |
| what are two alternative safer functions to gets() | fgets() or getchar() |
| fgets() function | char* fgets(char*str, int num, FILE*stream); |
| str in fgets() | pointer to an array of chars where the string read is copied |
| num in fgets() | maximum number of characters to be copied into str (including the terminating null-character) |
| stream in fgets() | pointer to a FILE object that identifies an input stream (stdin can be used as argument to read from the standard input) |
| what does fgets() return if the read fails | the function returns NULL |
| getchar() | int getchar(void); |
| getchar() function | returns the next character from standard input (stdin) |
| what happens using getchar() if the standard input was at the end of file | the function returns EOF and sets the eof indicator (feof) of stdin |
| what happens using getchar() if some other reading error happens | the function returns EOF but set its error indicator (ferror) instead |
| what are the pros of using getchar() | have better control of what you are reading in |
| what do you need to check when using getchar() | the boundary of the buffer |
| what are ways to recover appropriately | have proper message to indicate problem, drop bad one&ask for a new one until getting a valid input (preferred way), parse it& make changes on input (drop certain characters/symbols),truncate it if input is too long, terminate prog (not a good choice) |
Created by:
user-1830624
Popular Computers sets