Help with defensive programming technique

 
Greenhorn
Posts: 1
I have the following four classes for a project.

FTPApplication- Models FTP commands in a modular, extendible way. This abstract class provides
several methods used by both the client and server.
ServerSession- Models an FTP session with a client. Implements methods declared by FTPApplication
from the perspective of an FTP server.
FTPServer- A pseudo FTP server. Accepts client connection and initiates a session.
FTPClient- A pseudo-FTP client. Connects to server and enters a control loop which enables it to
query the server.

I want to make appropriate changes to harden the software system against attack and misuse. How can I do that and what changes do I need to make?

 
Saloon Keeper
Posts: 8576
1) When posting code the code must be inside "Code" tags. Highlight the code in the editor and click on the "Code" button just above the editor window. I've fixed it for you this time.

2) That's an awful lot of code to expect people to go through in their spare time. Can you focus in on an area that you're having a particular problem with?
 
Marshal
Posts: 16591
It might help if you explain what kind of vulnerabilities you are trying to mitigate and/or attacks you are trying to defend against.

Also think of how your program might get probed for vulnerabilities. What can you do to minimize the amount of information your program can potentially give to someone probing the app to profile its attack surface?

Lastly, and this is something that many programmers don't realize, bad code is never secure. Secure code is always good, clean code. What have you done to ensure that you don't have bad code? Where are your tests?
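
An added example, not code from this thread (the poster's four classes are not shown on the page): one way a server-side session could bound and validate a command line, confine a RETR argument to the served directory, and give the same reply for every refusal so a probing client learns nothing from the difference. The class name `RetrGuard`, the 512-character cap and the temporary root directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Locale;
import java.util.logging.Logger;

// Hypothetical class for illustration; not one of the four classes in the question.
public class RetrGuard {
    private static final Logger LOG = Logger.getLogger(RetrGuard.class.getName());
    private static final int MAX_LINE = 512;              // assumed cap on a command line
    private static final String DENIED = "550 File unavailable";
    private final Path root;
    public RetrGuard(Path root) throws IOException {
        this.root = root.toRealPath();                    // canonical root, symlinks resolved
    }

    /** Maps one client command line to a reply line; never throws to the caller. */
    public String handle(String line) {
        // Bound the input and refuse control characters (also keeps CR/LF out of the log).
        if (line == null || line.length() > MAX_LINE
                || line.chars().anyMatch(Character::isISOControl)) {
            return "500 Syntax error";
        }
        String[] parts = line.trim().split("\\s+", 2);
        String verb = parts[0].toUpperCase(Locale.ROOT);
        if (verb.equals("QUIT")) return "221 Goodbye";
        if (!verb.equals("RETR")) return "502 Command not implemented";
        if (parts.length < 2) return "501 Syntax error in parameters";
        try {
            Path target = root.resolve(parts[1]).toRealPath();
            if (!target.startsWith(root) || !Files.isRegularFile(target)) {
                LOG.warning("RETR refused: " + parts[1]);
                return DENIED;                            // same reply as "not found"
            }
            return "150 Opening data connection";
        } catch (IOException | InvalidPathException e) {
            LOG.warning("RETR failed: " + parts[1] + " (" + e + ")"); // detail stays server-side
            return DENIED;
        }
    }
    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("ftproot");  // constructed sample data
        Files.writeString(root.resolve("readme.txt"), "hello");
        RetrGuard g = new RetrGuard(root);
        for (String cmd : new String[] {"RETR readme.txt", "RETR ../../etc/passwd",
                "RETR missing.txt", "retr /etc/passwd", "DELE readme.txt", "RETR a\r\nb"}) {
            System.out.println(g.handle(cmd));
        }
    }
}
```

A JUnit test for `handle` would assert that the out-of-root, absolute-path and missing-file cases all return the identical 550 line.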
 
Junilu Lacar
Marshal
Posts: 16591
... and Welcome to the Ranch!
 
Ranch Hand
Posts: 1067
I agree, write some junits.
 