Failure to protect stored data from modification

From OWASP
Revision as of 17:44, 13 April 2006 by Jeff Williams (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search



Overview

Data should be protected from direct modification.

Consequences

  • Integrity: The object could be tampered with.

Exposure period

  • Design through Implementation: At design time it is important to reduce the total amount of accessible data.
  • Implementation: Most implementation level issues come from a lack of understanding of the language modifiers.

Platform

  • Languages: Java, C++
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

Avoidance and mitigation

  • Design through Implementation: Use private members, and class accessor methods to their full benefit. This is the recommended mitigation. Make all public members private, and - if external access is necessary - use accessor functions to do input validation on all values.
  • Implementation: Data should be private, static, and final whenever possible This will assure that your code is protected by instantiating early, preventing access and preventing tampering.
  • Implementation: Use sealed classes. Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways.
  • Implementation: Use class accessor methods to their full benefit. Use the accessor functions to do input validation on all values intended for private values.

Discussion

One of the main advantages of object-oriented code is the ability to limit access to fields and other resources by way of accessor functions. Utilize accessor functions to make sure your objects are well-formed.

Final provides security by only allowing non-mutable objects to be changed after being set. However, only objects which are not extended can be made final.

Examples

In C++:

public:

 int someNumberPeopleShouldntMessWith;

In Java:

private class parserProg {

   public stringField;

} Another set of Examples are:

In C/C++:

private:

 int someNumber;

public:

 void writeNum(int newNum) {
   someNumber = newNum;
 }

In Java:

public class eggCorns {

  private String acorns;
  public void misHear(String name){
     acorns=name;
  }

}

Related problems

Not available.

Categories