 |
|
SQL Server Tips by Burleson |
Avoiding buffer overflows
There are no definitive solutions to this
problem but it is very important to consider security issues when
coding. You should also test and review the code with security
concerns in mind.
Here are some ideas:
-
Define limits (bounds) for the size of
buffers and never let the size come directly or indirectly from
the input.
-
Verify that the limits are not violated
before accessing the buffer.
-
Use string and memory functions that
require an explicit size limit (for example strncpy instead of
strcpy).
-
Use functions that limit the input data
size (for example fgets instead of scanf).
-
Use strlen carefully because the
terminating NULL might be missing.
-
Be careful with functions that do not
NULL terminate the destination string.
-
Use tools to scan for vulnerabilities.
E.g.
RATS-source code review tool that
understands C, C++, Python, Perl, and PHP.
Splint-tool for statically checking C
programs for security vulnerabilities.
ITS4-Static Vulnerability Scanner for C and C++ Code
The above book excerpt is from:
Super SQL
Server Systems
Turbocharge Database Performance with C++ External Procedures
ISBN:
0-9761573-2-2
Joseph Gama, P. J. Naughter
http://www.rampant-books.com/book_2005_2_sql_server_external_procedures.htm |