Buffer overflow and input validation - I just don't get it
Can someone explain to me how this is a real world problem?
I used to be a programmer a long time ago, 25-30 years back, and even then I would not have dreamed of writing an input module that did not have properly checked input validation for length, illegal characters, etc.
Surely developers these days must have a huge library of mature, properly tested text input classes that can be adapted for all scenarios? I must be missing something, but I don't know what. I want to properly understand this, but I am struggling.
Many thanks
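As an added illustration (not code from the original poster or from either reply), here is the kind of "properly checked" input routine the question describes, in C, with the single off-by-one that turns it into a real-world bug. The length check admits a 16-character name, but a 16-character C string occupies 17 bytes once its terminating NUL is counted, so the terminator is written one byte past the array and lands on the field that follows it. The struct, field names and function names (`struct account`, `set_name_vulnerable`, `set_name_safe`, `locked_after`) are made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example record: a fixed-size name followed by a 1-byte flag.
 * There is no padding between a char array and a char, so the layout is
 * deterministic and the flag sits immediately after name[15]. */
struct account {
    char name[16];
    unsigned char locked;   /* 1 = account locked, 0 = active */
};

/* "Validated" copy with an off-by-one. The check is meant to enforce the
 * buffer size, but it compares against sizeof(name) with > instead of >=,
 * so a 16-character name passes and the copy loop (which deliberately
 * includes the NUL terminator, i <= len) writes a 17th byte: the zero
 * terminator overwrites `locked`, silently unlocking the account. */
int set_name_vulnerable(struct account *acct, const char *input)
{
    size_t len = strlen(input);
    size_t i;
    if (len > sizeof acct->name)        /* BUG: should be >= */
        return -1;
    for (i = 0; i <= len; i++)          /* copies len+1 bytes including NUL */
        acct->name[i] = input[i];
    return 0;
}

/* Hardened version: never trust the caller's string to be terminated within
 * the buffer, reserve one byte for the terminator, and reject everything
 * that does not fit rather than truncating or overflowing. */
int set_name_safe(struct account *acct, const char *input)
{
    /* Only look at the first sizeof(name) bytes: if no NUL is found there
     * the input is too long (or unterminated), either way it is rejected. */
    const char *nul = memchr(input, '\0', sizeof acct->name);
    size_t len;
    if (nul == NULL)
        return -1;
    len = (size_t)(nul - input);        /* len <= 15 here, room for the NUL */
    memcpy(acct->name, input, len);
    acct->name[len] = '\0';
    return 0;
}

/* Helper for the demo and tests: applies a setter to a freshly locked
 * account and reports the state of the flag afterwards. The setter's
 * return code is passed back through *rc. */
int locked_after(int (*setter)(struct account *, const char *),
                 const char *input, int *rc)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    acct.locked = 1;
    *rc = setter(&acct, input);
    return acct.locked;
}

int main(void)
{
    /* Constructed inputs: one that fits comfortably, one exactly 16 chars. */
    const char *short_name = "alice";
    const char *edge_name  = "0123456789abcdef";
    int rc;

    printf("vulnerable, short name: rc=%d locked=%d\n", 0,
           locked_after(set_name_vulnerable, short_name, &rc));
    printf("vulnerable, 16-char name: locked=%d rc=%d\n",
           locked_after(set_name_vulnerable, edge_name, &rc), rc);
    printf("safe, 16-char name: locked=%d rc=%d\n",
           locked_after(set_name_safe, edge_name, &rc), rc);
    printf("safe, short name: locked=%d rc=%d\n",
           locked_after(set_name_safe, short_name, &rc), rc);
    return 0;
}
```

The point for the thread is that the vulnerable routine does have input validation, and it is correct for every length except one. Code review, unit tests with "typical" inputs and the author's good intentions all pass it; only a test at the exact boundary, or a fuzzer, finds it. That is why the problem has survived decades of mature string libraries: the libraries are fine, but the glue code that sizes buffers and checks lengths is rewritten by hand in every project, and one comparison operator is enough.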
Comments
TheFORCE (Member, Posts: 2,297)
What are you not getting? How they are still being exploited? Same thing with everything in life. Just because we have been doing something for a long time doesn't mean we have perfected the methods or that no errors will occur.
Take as an example faulty airbags and faulty ignition switches. Car companies have been using these components in millions of cars since they were introduced years ago, yet there are recalls on a yearly and monthly basis.
Same thing with code, especially in the fast-paced world of automation and the rapid race to beat competitors to the marketplace. You can never do a complete test of everything. Once the software gets released you have users test it, and then companies release patches. Otherwise a product would never make it to the market if you kept testing for everything.
636-555-3226 (Member, Posts: 975)
Server guys at my work agree their servers should be patched monthly, yet they don't always have the resources to patch 100% of their servers monthly. Some go for a year plus without patches. Just not enough time to test and deploy them all everywhere.