[Owasp-testing] [Owasp-codereview] Contributing to the Code review Guide - Please Read. 80)
jim at manico.net
Thu Jan 18 14:45:46 EST 2007
That was me, Eoin. There are better ways than Native Methods and they
should not ever be used by web programmers. Corba is safer. I stand by
my original statement that Native Methods should never be used in Web
Applications and if found in code review it should be flagged and
immediately rolled away from.
Dinis Cruz wrote:
> Well, what you need is to tweak that statement a bit to make it correct:
> "The moment you see native methods (which leave the Java security manager
> and memory protection), you know you found an area that might contain
> potential Buffer Overflows, or other C++ type vulnerabilities."
> And I will add
> "In the .Net Framework this is even more problematic due to the high
> of unmanaged COM objects (Note to Dinis: Put here details about his
> Overflows on the .Net Framework' Research)"
> Dinis Cruz
> Chief OWASP Evangelist, Are you a member yet?
> On 1/18/07, Eoin <eoinkeary at gmail.com> wrote:
>> Someone has been putting "helpful" comments in some sections of the Code
>> review guide, such as:
>> "The moment you start writing native methods you leave the Java security
>> manager and memory protection faculties. Don't do it."
>> Firstly this is not helpful to anyone involved in code review.
>> Secondly if we are performing a code review on a native method code
>> this advice is too late and useless.
>> Thirdly, sometimes native methods need to be used for legacy reasons.
>> The guide is to show what to look for in code review. This helpful
>> is firstly aimed at the developer and hence no good for a code reviewer.
>> Eoin Keary OWASP - Ireland
GIAC GSEC Professional, Sun Certified Java Programmer
jim at manico.net
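The thread agrees on one reviewer-facing point: a `native` method (or the library load that backs it) is where execution leaves the Java security manager and memory-safety guarantees, so a code reviewer should flag it and inspect the C/C++ side. The following is an added example, not from the thread or the OWASP Code Review Guide; it is a hypothetical review helper that locates those touch points in Java source, with a constructed `ImageCodec` sample as input.

```python
"""Locate JNI touch points in Java source for code review (hypothetical helper)."""
import re
from typing import List, Tuple

# A `native` modifier on a method declaration, e.g. "public native int decode(byte[] b);"
NATIVE_DECL = re.compile(r"\bnative\b[^;{]*\(")
# Calls that pull an unmanaged library into the JVM process
LOAD_CALL = re.compile(r"\b(?:System|Runtime\.getRuntime\(\))\.(?:loadLibrary|load)\s*\(")


def _blank_comments(src: str) -> str:
    """Blank out comments so commented-out code is not flagged; keep line breaks."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def find_native_usage(src: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, line_text) for each place the code leaves the JVM."""
    findings = []
    for lineno, line in enumerate(_blank_comments(src).splitlines(), start=1):
        if NATIVE_DECL.search(line):
            findings.append((lineno, "native-method", line.strip()))
        if LOAD_CALL.search(line):
            findings.append((lineno, "library-load", line.strip()))
    return findings


# Constructed sample: a legacy wrapper around a C++ codec, the kind of code the thread discusses.
SAMPLE_JAVA = """package legacy;
public class ImageCodec {
    static { System.loadLibrary("imgcodec"); }   // unmanaged C++ library enters the process
    /* native int oldDecode(byte[] in); */        // commented out: must not be flagged
    public native int decode(byte[] in, int len); // bounds checks now live in C++, not the JVM
    public int decodeSafe(byte[] in) { return decode(in, in.length); }
}
"""

if __name__ == "__main__":
    for lineno, kind, text in find_native_usage(SAMPLE_JAVA):
        print(f"line {lineno}: {kind}: {text}")
```

Each finding is a place where the reviewer should switch from Java review to reviewing the native implementation for buffer handling, since the JVM's protections no longer apply past that boundary.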