Low level tips for writing secure code.
Tips for writing secure code.
CWE also provides more details needed for programmers to write more secure code.
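CWE also gives programmers the more detailed content they need to write more secure code.
I'll be reiterating many of Writing Secure Code's lessons throughout this book.
In this book, I will repeat some lessons on writing program code.
Completely secure code does not exist; this argument has been theoretically proved.
Completely secure code does not exist, and this has been proven in theory.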
To write secure code, you must first understand the threats to which your work is exposed.
To write secure code, you must first understand the threats your application faces.
This also serves to the user or developer as a lesson to write more secure code next time around.
This will also help users and developers write more secure code next time, based on this problem.
Computer firms have learned that writing secure code is almost impossible and that openness is the best defence.
Computer companies have realized that writing secure code is almost impossible, and that only openness is the best defense.
That approach simply won't produce secure code, because you can't create enough tests to represent all the odd things an attacker can do.
This approach will not produce secure code at all, because you cannot create enough tests to cover all the strange things an attacker can do.
Rugged code is a way of breaking through and instilling a mindset that secure code should be a pride-of-ownership issue just as much as elegant, high performing, and high quality code is.
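Rugged code is a breakthrough that instills the mindset that secure code should be just as much a source of pride as elegant, well-performing, high-quality code.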
"If programmers are not motivated to, say, use secure libraries or to avoid known bad functions or techniques, where is the incentive to take the tougher path of writing secure code," Long said.
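Long said: "If programmers are not motivated to use secure libraries and avoid bad functions or techniques, how can they be brought onto the harder path of writing secure code?"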
At least some of the people developing and reviewing the code must know how to write secure programs.
At least some of the people who develop and review the code must know how to write secure programs.
Surely the framework might be more secure to use in this case, but think of all the includes and checks the framework would have to do before even getting to execute your code!
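Without a doubt, using a framework here would make your code more secure. But think of the many include files and input checks inside this heavyweight framework!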
Finally the code in Listing 14 handles the secure deletion of the decrypted text file to remove any clear text information stored on disk.
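Finally, the code in Listing 14 is responsible for securely deleting the decrypted text file, removing any plain-text information stored on disk.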
Based on this trust relationship, applications can share code and data in a secure manner.
On the basis of this trust relationship, applications can securely share code and data.
You don't need to write any specific code for security, even in a secure environment, because this plug-in runs within the WSRR application and inherits security credentials from WSRR.
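You do not need to write any security-specific code (even in a secure environment), because this plug-in runs inside the WSRR application and inherits security credentials from WSRR.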
At startup, the on demand configuration code inside the secure proxy reads the static route file and builds the in-memory routing data.
After startup, the on-demand configuration code inside the secure proxy reads the static route file and builds the in-memory routing data.
Good PHP code should be secure.
High-quality PHP code should be secure.
In Part 1 of this series, I discussed some basic PHP design rules and covered how to write secure, simple, platform-independent, speedy code.
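In Part 1 of this series of articles, I discussed some basic PHP design rules and described how to write secure, simple, platform-independent, and fast code.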
Ideally, use hash-based message authentication code (HMAC) because it's the most secure.
Ideally, use a hash-based message authentication code (HMAC), because it is the most secure.
To better support secure mobile code provision, MIDP 2.0 will also formally include an over-the-air (OTA) provisioning specification.
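To better support secure provisioning of mobile code, MIDP 2.0 will also formally include an over-the-air (OTA) download provisioning specification.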
Our goal as architects and engineers is to produce robust, working code that provides the desired results in a scalable and secure fashion.
Our goal as architects and engineers is to produce reliable, properly working code that delivers the required results in a scalable and secure way.
Message Digests are secure, one-way hash functions that convert arbitrary length data into fixed-length checksum / hash code.
A message digest is a secure, one-way hash function that converts data of arbitrary length into a fixed-length checksum/hash code.
This technique is a valid way to keep the system secure, but because there is no real sanitization of the data (only conditions on it), current static analysis tools do not properly analyze such code.
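This technique is an effective way to keep the system secure, but because the data is not actually sanitized (it is only used as a condition), current static analysis tools cannot analyze such code properly.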
With a few lines of code, I've created a secure asset in the cloud that can only be downloaded with a special URL.
With a few lines of code, I created a secure asset in the cloud that can only be downloaded through a special URL.
Unless site developers are careful about how they code the secure portions of the process, cryptic security warnings can raise users' hackles.
Unless site developers program the security of this process very carefully, baffling security warnings will annoy users.
Setting up for a secure connection requires a couple more lines of code.
Setting up a secure connection takes a few more lines of code.
DojoX Secure includes components that are necessary for safely loading potentially malicious code, content, and UI artifacts from external domains.
DojoX Secure contains the components needed to safely load potentially malicious code, content, and UI artifacts from external domains.
Lines 2-8 in listing 1 show a sample of code to connect to the external secure data source using string url.
The sample code on lines 2-8 of Listing 1 shows how to connect to an external secure data source using the string url.
There may be times when you find yourself in the world of managed code, and you'd like to interact with Office in a secure, garbage-collected world.
Sometimes you may find yourself in the world of managed code and want to interact with Office in a secure, garbage-collected world.
A link to sample code illustrating a Web service that combines document generation and secure digital signatures in an example workflow is provided below.
Below is a link to sample code that illustrates a Web service combining document generation with secure digital signatures in a sample workflow.