方法、类型和可被定义为不安全的代码块。
要编写安全的代码,必须首先了解您的应用面临的威胁。
To write secure code, you must first understand the threats to which your work is exposed.
这样也会帮助使用者和开发者下次能够据此问题写出更安全的代码。
This also serves to the user or developer as a lesson to write more secure code next time around.
CWE还为程序员提供了编写更安全的代码所需要的更详细的内容。
CWE also provides more details needed for programmers to write more secure code.
另一个是个人客户,他在站点安全性方面比较宽松,可能将不安全的代码上载到这个站点。
The other is an individual customer who is lax about site security and is known to upload insecure code to his site.
若要确定所使用的语言编译器是否生成可验证为类型安全的代码,请参见编译器的文档。
To determine whether the language compiler you use generates verifiably type-safe code, consult the compiler's documentation.
如果调用方会影响代码生成,这一问题会更加恶化,所以您必须保证只生成您认为安全的代码。
The problem worsens when the caller can influence code generation, so you must ensure that only code you consider safe is generated.
这种方法根本不会产生安全的代码,因为您无法创建足够多的测试来涵盖攻击者能做到的所有稀奇古怪的事情。
That approach simply won't produce secure code, because you can't create enough tests to represent all the odd things an attacker can do.
通过强类型数据结构来使用webservice,使用它支持的数据结构和易于使用的接口来维护快速并安全的代码。
Using web services via strongly typed data structures and maintaining rapid and safe codes with its supporting data structures and easy to use interface.
从表面上看,锁省略似乎可以允许我们不必忍受同步带来的负担,就可以编写线程安全的代码了,前提是在同步的确是多余的情况下。
On the surface it looks as though lock elision allows us to write thread safe code without any synchronization penalty for using in cases where it really wasn't needed.
但是,如果代码以任意偏移量访问内存,该偏移量超出了属于该对象的公开字段的内存范围,则它就不是类型安全的代码。
However, if the code accesses memory at arbitrary offsets outside the range of memory that belongs to that object's publicly exposed fields, it is not type-safe.
因为类型安全的代码不会导致内存错误,所以使用应用程序域可以确保在一个域中运行的代码不会影响进程中的其他应用程序。
Because type-safe code cannot cause memory faults, using application domains ensures that code running in one domain cannot affect other applications in the process.
坚固的代码是一种突破,并注入这样一种心态:安全的代码同样应该成为引以为傲的源泉,就像优雅的、表现出色的高质量代码一样。
Rugged code is a way of breaking through and instilling a mindset that secure code should be a pride-of-ownership issue just as much as elegant, high performing, and high quality code is.
由于公共语言运行时能够验证代码是否为类型安全的代码,所以它可以提供与进程边界一样大的隔离级别,而其性能开销则要低得多。
The ability to verify code as type-safe enables the common language runtime to provide as great a level of isolation as the process boundary, at a much lower performance cost.
另一种是找到确保软件开发人员编写的代码中有更少的缺陷的方法,这样黑客就有更少的安全漏洞可以利用。
Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.
这种不小心的解释会导致恶意代码的执行和潜在的安全侵犯。
This inadvertent interpretation can lead to malicious code execution and possible security violations.
例如,CLASP为开发人员提供了一个安全代码指南的例子。
For instance, CLASP provides an example set of secure coding guidelines for developers.
静态类型可以提供更好的安全性,而且显然还可以提高代码的可读性。
Static typing possibly enables better security and definitely improves code readability in places.
按需脚本可能包含打算攻击XXS等安全漏洞的恶意代码。
On-demand scripts can include malicious code aimed at exploiting security vulnerabilities such as XSS.
DojoX Secure包含从外部域安全加载潜在恶意的代码、内容和UI工件需要的组件。
DojoX Secure includes components that are necessary for safely loading potentially malicious code, content, and UI artifacts from external domains.
Jt框架还使用声明安全性来避免编写易出错的安全代码。
The Jt framework also uses declarative security which avoids the need for error-prone security coding.
最后,清单14中的代码负责安全删除解密文本文件,从而去除任何存储在磁盘上的纯文本信息。
Finally the code in Listing 14 handles the secure deletion of the decrypted text file to remove any clear text information stored on disk.
这些工具帮助用户利用我们在内部使用多年的工具,编写自己的安全和高质量的托管代码或原生代码。
This helped customers write secure and quality code for managed and native platforms using the same tools that we had been using internally for years.
它的好处—就代码安全和简单性而言,甚至经常就性能而言—是巨大的。
Its benefits - in terms of code safety and simplicity, and often even in terms of performance - are enormous.
只有在您认为代码能够安全执行的情况下,才应该使用NOT FENCED存储过程。
A NOT FENCED stored procedure is recommended only if you consider the code safe to execute.
它演示了自动化技术、TAL和自动化定理证明,从而验证了操作系统中和运行时复杂的低级代码的安全性。
Demonstration of automated techniques, TAL and automated theorem proving, to verify the safety of the complex low-level code in the operating system and run-time.
此功能的目的是帮助开发人员,通过运行一个完整的测试集来检查在签入代码的时候所更改的代码是否安全。
The purpose of this feature is to assist the developer in running a complete set of tests which would show if the code change is safe to be checked-in.
换句话说,编译器生成的代码与您手工编写的不用泛型、检查程序的类型安全后进行强制类型转换所得到的代码基本相同。
In other words, the compiler generates pretty much the same code you would have written by hand without generics, casts and all, after checking the type-safety of your program.
换句话说,编译器生成的代码与您手工编写的不用泛型、检查程序的类型安全后进行强制类型转换所得到的代码基本相同。
In other words, the compiler generates pretty much the same code you would have written by hand without generics, casts and all, after checking the type-safety of your program.
应用推荐