do. command. safety. ?

Mark Waddingham mark at livecode.com
Tue Apr 3 06:50:21 EDT 2018


On 2018-04-02 07:06, Richard Gaskin via use-livecode wrote:
> You were just thinking constructively.  You look for outcomes that
> benefit people.  That's a good perspective to have.  Most devs do.
> 
> Maliciously breaking things requires a different mindset.

Or just recast the problem as an entirely constructive one...

We're thinking of this problem in terms of 'how can someone maliciously 
cause damage through code I've written' - however that problem is no 
different from a much more benign one...

   "How can a completely benign user accidentally cause our code to get 
into an unintended state"

In the case of the 'do' command which initiated this discussion - then 
imagine you are doing some sort of processing of user input on a form - 
and (for whatever reason - there are many) you are using do:

   on commitButtonPressed
     ...
     do "put" && quote & field "Username" & quote & "into tRecord[1]"
     ...
   end commitButtonPressed

Here I'm imagining a card on a stack which is some sort of form. There's 
a 'continue/commit' button which causes commitButtonPressed to be 
called. The data you want to process is in fields on the card - in this 
case the user is required to enter a username - that goes into field 
"Username".

The benign user (whether it be just because they have made a typo or are 
just slightly perverse) enters newuser" - i.e. newuser with the quote 
char at the end.

This input will result in the above code not working correctly, as the 
do command will try and execute:

   put "newuser"" into tRecord[1]

Which will fail, meaning that tRecord[1] will hold empty - which will 
mean the rest of the code will be faulty.

Put another way, all cases where code could be maliciously subverted are 
also cases where your code could break through simple user error.

I'm not sure if that makes the problem any simpler to think about - but 
it at least removes the notion that maliciousness is the reason to be 
careful, and replaces it with robustness (which seems slightly more 
positive, at least).

Warmest Regards,

Mark.

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps




More information about the Use-livecode mailing list