
Difference between revisions of "Fail securely"

From OWASP

Latest revision as of 15:39, 17 May 2014

This is a principle or a set of principles. To view all principles, please see the Principle Category page.


Description

Handling errors securely is a key aspect of secure coding. There are two types of errors that deserve special attention. The first is exceptions that occur in the processing of a security control itself. It's important that these exceptions do not enable behavior that the countermeasure would normally not allow. As a developer, you should consider that there are generally three possible outcomes from a security mechanism:

  • allow the operation
  • disallow the operation
  • exception

In general, you should design your security mechanism so that a failure will follow the same execution path as disallowing the operation. For example, security methods like isAuthorized(), isAuthenticated(), and validate() should all return false if there is an exception during processing. If security controls can throw exceptions, they must be very clear about exactly what that condition means.

The other type of security-relevant exception is in code that is not part of a security control. These exceptions are security-relevant if they affect whether the application properly invokes the control. An exception might cause a security method not to be invoked when it should, or it might affect the initialization of variables used in the security control.

Examples

isAdmin

isAdmin = true;                              // insecure default: access is granted unless the check below runs
try { 
  codeWhichMayFail();                        // if this throws, the role check below is never reached
  isAdmin = isUserInRole( "Administrator" ); 
}
catch (Exception ex)
{
  log.write(ex.toString());                  // the failure is logged, but isAdmin is still true
} 

If codeWhichMayFail() throws, the exception is caught, the role check never runs, and the user is an admin by default. This is obviously a security risk. The fix is simple in this case: reverse the default, so that isAdmin starts as false and only becomes true when the role check actually succeeds.

isAdmin = false;                             // secure default: no access until the check succeeds
try {
  codeWhichMayFail();
  isAdmin = isUserInRole( "Administrator" ); // only reached if codeWhichMayFail() did not throw
}
catch (Exception ex)
{
  log.write(ex.toString());                  // on failure isAdmin keeps its deny-by-default value
}

This example also illustrates the Least privilege principle, which states that you should never grant more access than required. If codeWhichMayFail() requires admin access, we should be verifying that admin access before we run that code.
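The fail-open and fail-closed isAdmin snippets above, together with the Description's rule that isAuthorized()-style methods return false on an exception, rendered in Python as an added example (not code from the OWASP page). The user table, the RoleLookupError and the backend_ok switch are constructed here to simulate a role store that can fail.

```python
import logging
from typing import Callable

log = logging.getLogger("fail-securely")


class RoleLookupError(Exception):
    """Constructed: the role store (directory, database) could not be reached."""


# Constructed sample data; a real application would query a directory or database.
USER_ROLES = {"alice": {"Administrator"}, "bob": {"User"}}


def lookup_roles(user: str, backend_ok: bool = True) -> set:
    """Return the user's roles, or raise when the backend is down (simulated)."""
    if not backend_ok:
        raise RoleLookupError("role store unreachable")
    return USER_ROLES.get(user, set())


def is_admin_fail_open(user: str, backend_ok: bool = True) -> bool:
    """The vulnerable pattern: the default grants, and an exception leaves it granted."""
    is_admin = True
    try:
        is_admin = "Administrator" in lookup_roles(user, backend_ok)
    except Exception as ex:  # the error is logged, but is_admin is still True
        log.error("role lookup failed: %s", ex)
    return is_admin


def is_admin_fail_closed(user: str, backend_ok: bool = True) -> bool:
    """The corrected pattern: the default denies, so an exception denies."""
    is_admin = False
    try:
        is_admin = "Administrator" in lookup_roles(user, backend_ok)
    except Exception as ex:  # same log line, but is_admin keeps its deny value
        log.error("role lookup failed: %s", ex)
    return is_admin


def is_authorized(check: Callable[[], bool]) -> bool:
    """Generic fail-closed wrapper: an exception takes the same path as 'deny'."""
    try:
        return bool(check())
    except Exception as ex:
        log.error("authorization check failed: %s", ex)
        return False
```

Calling the two isAdmin variants with backend_ok=False shows the difference: the fail-open version reports a non-admin user as an administrator, the fail-closed version does not.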

Related Vulnerabilities

  • Error handling

Related Controls

Related Principles

  • Least privilege

References

  • https://buildsecurityin.us-cert.gov/articles/knowledge/principles/failing-securely