do. command. safety. ?
mark at livecode.com
Tue Apr 3 06:50:21 EDT 2018
On 2018-04-02 07:06, Richard Gaskin via use-livecode wrote:
> You were just thinking constructively. You look for outcomes that
> benefit people. That's a good perspective to have. Most devs do.
> Maliciously breaking things requires a different mindset.
Or just recast the problem as an entirely constructive one...
We're thinking of this problem in terms of 'how can someone maliciously
cause damage through code I've written' - however that problem is no
different from a much more benign one...
"How can a completely benign user accidentally cause our code to get
into an unintended state"
In the case of the 'do' command which initiated this discussion - then
imagine you are doing some sort of processing of user input on a form -
and (for whatever reason - there are many) you are using do:
do "put" && quote & field "Username" & quote & "into tRecord"
Here I'm imagining a card on a stack which is some sort of form. There's
a 'continue/commit' button which causes commitButtonPressed to be
called. The data you want to process is in fields on the card - in this
case the user is required to enter a username - that goes into field
The benign user (whether it be just because they have made a typo or are
just slightly perverse) enters newuser" - i.e. newuser with the quote
char at the end.
This input will result in the above code not working correctly, as the
do command will try and execute:
put "newuser"" into tRecord
Which will fail, meaning that tRecord will hold empty - which will
mean the rest of the code will be faulty.
Put another way, all cases where code could be maliciously subverted are
also cases where your code could break through simple user error.
I'm not sure if that makes the problem any simpler to think about - but
it at least removes the notion that maliciousness is the reason to be
careful, and replaces it with robustness (which seems slightly more
positive, at least).
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the Use-livecode