Secure Programming for Linux and Unix HOWTO: Send Information Back Judiciously
It may be possible for a user to clog a secure program's output channel back to that user, or to make it unresponsive. For example, a web browser could be intentionally halted or have its TCP/IP channel response slowed. The secure program should handle such cases; in particular, it should release locks quickly (preferably before replying) so that a stalled client does not create an opportunity for a Denial-of-Service attack. Always place time-outs on outgoing network-oriented write requests.
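The following C sketch is an added example, not code from the HOWTO. It shows both recommendations together: the reply is copied out of shared state while the lock is held, the lock is released, and only then is the data written under an overall deadline. The names write_with_deadline, reply_with_state, state_lock and shared_state are hypothetical, and the state contents are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <pthread.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>

static long now_ms(void) {               /* monotonic clock, in ms */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Send all len bytes within budget_ms overall. Returns 0, or -1 with errno
 * set (ETIMEDOUT if the peer stopped draining). Leaves fd non-blocking. */
int write_with_deadline(int fd, const char *buf, size_t len, int budget_ms) {
    long deadline = now_ms() + budget_ms;
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) return -1;
    while (len > 0) {
        long left = deadline - now_ms();
        if (left <= 0) { errno = ETIMEDOUT; return -1; }
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        int r = poll(&p, 1, (int)left);   /* wait only for the time left */
        if (r == 0) { errno = ETIMEDOUT; return -1; }
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        ssize_t n = send(fd, buf, len, MSG_NOSIGNAL); /* no SIGPIPE */
        if (n < 0) {
            if (errno == EAGAIN || errno == EINTR) continue;
            return -1;
        }
        buf += n; len -= (size_t)n;       /* partial write: keep going */
    }
    return 0;
}

/* Hypothetical shared state guarded by a lock (constructed contents). */
pthread_mutex_t state_lock = PTHREAD_MUTEX_INITIALIZER;
char shared_state[4096] = "constructed sample state\n";
/* Snapshot under the lock, release it, and only then talk to the client. */
int reply_with_state(int fd, int budget_ms) {
    char copy[sizeof shared_state];
    pthread_mutex_lock(&state_lock);
    memcpy(copy, shared_state, sizeof copy);
    pthread_mutex_unlock(&state_lock);   /* released before network I/O */
    return write_with_deadline(fd, copy, sizeof copy, budget_ms);
}
```

The deadline covers the whole reply rather than each write call, so a client that accepts one byte at a time cannot keep extending it.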