typo (i think)
Mark Lumsden
lumsden at myrealbox.com
Mon Sep 29 09:10:41 PDT 2003
Hello,
I'm not sure if this is the correct address to send this to or if indeed
i've came across a typo, but on page:
http://www.freebsd.org/security/security.html
under the section 'Secure Programming Guidelines', in the second sentence,
theres a part that makes sense but also doesn't quite:
"Never trust any source of input, i.e. command line arguments, environment
variables, configuration files, incoming TCP/UDP/ICMP packets, hostname
lookups, function arguments, etc. If the length of or contents of
the -->date<-- received is at all subject to outside control, then the
program or function should watch for this when copying it around. Specific
security issues to watch for in this are:"
Do you think it means data?
I'm learning programming at the moment and I suppose if the 'date' was
coming from outside then it makes sense, but in the context of the paragraph
I think it means more than just date data (if it means date data at all!).
Sorry to bother you if I'm wrong and/or this is the wrong address.
regards
Mark
More information about the freebsd-www
mailing list