473,388 Members | 1,340 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c / c++ > questions > do checked iterators/containers make code more secure?

Join Bytes to post your question to a community of 473,388 software developers and data experts.

Do checked iterators/containers make code more secure?

zr
Hi,

Does usage of checked iterators and checked containers make code more
secure?
If so, can that code considered to be reasonably secure?

Nov 20 '08 #1
3 2729
On 2008-11-20 09:08:58 -0500, zr <zv*****@gmail.comsaid:
>
Does usage of checked iterators and checked containers make code more
secure?
If so, can that code considered to be reasonably secure?
Define "secure" and "reasonably secure".

--
Pete
Roundhouse Consulting, Ltd. (www.versatilecoding.com) Author of "The
Standard C++ Library Extensions: a Tutorial and Reference
(www.petebecker.com/tr1book)

Nov 20 '08 #2
zr
On Nov 20, 4:11*pm, Pete Becker <p...@versatilecoding.comwrote:
On 2008-11-20 09:08:58 -0500, zr <zvir...@gmail.comsaid:
Does usage of checked iterators and checked containers make code more
secure?
If so, can that code considered to be reasonably secure?

Define "secure" and "reasonably secure".

--
* Pete
Roundhouse Consulting, Ltd. (www.versatilecoding.com) Author of "The
Standard C++ Library Extensions: a Tutorial and Reference
(www.petebecker.com/tr1book)
Obviously checked iterators make it easier to detect defects, but i am
asking about security. By "secure" i mean resistant to malicious usage
of the application and resistant to other hostile code. I will let the
security experts define the term more precisely.
By "reasonably secure" i mean the required security quality that
production software software should meet (yes, if it asks for your
credit card number, it should be more than just "reasonably secure").
On second thought, it might have been better if i started with a
question like "how can i learn to write secure C++ code?" - you are
welcome to answer it as well.
Nov 21 '08 #3
zr <zv*****@gmail.comkirjutas:
On Nov 20, 4:11*pm, Pete Becker <p...@versatilecoding.comwrote:
>On 2008-11-20 09:08:58 -0500, zr <zvir...@gmail.comsaid:
Does usage of checked iterators and checked containers make code
more secure?
If so, can that code considered to be reasonably secure?

Define "secure" and "reasonably secure".

--
* Pete
Roundhouse Consulting, Ltd. (www.versatilecoding.com) Author of "The
Standard C++ Library Extensions: a Tutorial and Reference
(www.petebecker.com/tr1book)

Obviously checked iterators make it easier to detect defects, but i am
asking about security. By "secure" i mean resistant to malicious usage
of the application and resistant to other hostile code. I will let the
security experts define the term more precisely.
By "reasonably secure" i mean the required security quality that
production software software should meet (yes, if it asks for your
credit card number, it should be more than just "reasonably secure").
On second thought, it might have been better if i started with a
question like "how can i learn to write secure C++ code?" - you are
welcome to answer it as well.
Probably not the best place, there seem to be many groups
comp.security*.

In Perl for example there is some built-in support meant for enhancing
security (taint mode). In C++, there is no such built-in support, so the
topic is not really language-specific. I'm no expert, but it generally
comes down to having no memory access errors, and not trusting input
from uncontrolled sources.

I think checked iterators a la MSVC++ may actually help here a bit,
detecting some of memory access errors. Another similar aid would be to
use garbage collector instead deletes, recently advocated here by James
Kanze, to avoid accidental access to a wrong object. Another useful aid
in the same fashion would be to splitter the code by assert()-s for
obvious and non-obvious things (and of course taking care to not compile
it away in the final release). However, these are not silver bullets, so
just compiling your whatever code with checked iterators support does
not magically make it "reasonably secure", whatever that might be.

Anyway, one has to start from the software requirements. If some server
software must have the best possible performance and allows the remote
user to execute arbitrary system() or dynamic library calls, then there
are no security benefits from checked iterators or asserts, only runtime
costs pulling down the performance. Naturally, such software should be
used only in a trusted network.

Paavo

Nov 21 '08 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Iterators as associative containers' key
by: Ney André de Mello Zunino | last post by:
Hello. A non-modifying algorithm I implemented uses two associative containers from STL: set and map. The elements on those containers are supposed to refer to actual elements which lie on...
C / C++
2
iterators::reference - what requirements on it are exposed?
by: Alexander Stippler | last post by:
Hi, I've got a question concerning iterators. I'm writing some container class and iterators upon it. I have to have typedef typex pointer; typedef typey reference; to be standard conforming....
C / C++
4
Iterators and containers STL
by: Merlin | last post by:
Hi, I am a C++ developer and would like to implement container classes for various types of objects. I use MS Visual C++ to compile my code. Nevertheless I like to write code that is independent...
C / C++
2
Iterators over nested STL container
by: Patrick Kowalzick | last post by:
Dear NG, I have two containers (standard library) which are nested, e.g.: std::vector< std::vector <int> > A; std::list< std::vector<int> > B; These structures where put in another class...
C / C++
3
Iterators on Vector
by: codefixer | last post by:
Hello, I am trying to understand if ITERATORS are tied to CONTAINERS. I know the difference between 5 different or 6(Trivial, on SGI). But what I fail to understand is how can I declare all 5...
C / C++
8
Possible problem with iterators in STL
by: babak | last post by:
Hi everyone I have a problem with Iterators and containers in STL that hopefully someone can help me with. This is what I try to do: I have an associative (map) container and I have a...
C / C++
4
map, iterators and swap
by: kalita | last post by:
Hi All, typedef std::list<int> Cont; void f(Cont &c1, Cont &c2) { Cont::iterator it = c1.begin(); c1.swap(c2); it == c2.begin(); // is this ill formed? }
C / C++
19
Non-pointer iterators....
by: fungus | last post by:
I mentioned earlier to day that I was moving some code from VC++6 to VC++2005 and having trouble with the new iterators. There's all sorts of problems cropping up in the code thanks to this...
C / C++
18
Problem with iterators
by: desktop | last post by:
1) I have this code: std::list<intmylist; mylist.push_back(1); mylist.push_back(2); mylist.push_back(3); mylist.push_back(4);
C / C++
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!