Taint checking

Taint checking is a feature of some programming languages, such as Perl and Ruby, designed to increase security by preventing data supplied by an outside user from reaching operations that act on the host computer. Taint checks highlight the class of risk most associated with web applications: injection attacks, such as SQL injection or shell command injection, in which untrusted input is passed unchanged to an interpreter.

The concept behind taint checking is that any variable that can be set by an outside user (say, a field on a web form) is a potential security risk. If that variable is used in an expression that sets a second variable, the second variable is now also suspect. The taint checker proceeds variable by variable until it has a complete set of the variables that can be influenced by outside input. If any of these variables is used in a dangerous operation (such as a command sent to a SQL database or to the host operating system), the checker refuses the operation and reports that a tainted variable is being used; in Perl the program dies with an "Insecure dependency" error. The programmer can then redesign the program so that the dangerous input is validated before it reaches such an operation.
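
The propagation rules above can be observed directly in Perl, whose taint mode marks every value derived from outside input. The script below is an added example, not code from the original article: it reads its untrusted input from the command line (a taint source under -T, just as a CGI parameter is), reports which derived values carry the taint flag using Scalar::Util's tainted, shows a write-open with a tainted filename being blocked, and then removes the taint the documented way, by capturing the value with an allow-list regular expression. The filename allow-list and the /tmp location are choices made for this example.

```perl
#!/usr/bin/perl -T
# Added example (not from the original article): how Perl propagates taint
# through expressions and how a regex capture removes it.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, command-line arguments are a taint source, like CGI parameters.
my $input = shift @ARGV // die "usage: perl -T $0 FILENAME\n";

# The untouched source value is tainted.
printf "input            tainted=%d\n", tainted($input) ? 1 : 0;

# Taint follows the data into every value computed from it ...
my $path = "/tmp/" . $input;          # concatenation
my $msg  = "writing to $path";        # interpolation
my $ext  = substr($input, -3);        # substring
printf "concatenation    tainted=%d\n", tainted($path) ? 1 : 0;
printf "interpolation    tainted=%d\n", tainted($msg)  ? 1 : 0;
printf "substr           tainted=%d\n", tainted($ext)  ? 1 : 0;

# ... but not into values that depend on it only through control flow:
# both branches here are untainted string literals.
my $kind = $input =~ /\.txt\z/ ? "text" : "other";
printf "branch result    tainted=%d\n", tainted($kind) ? 1 : 0;

# A sink: opening a file for writing with a tainted name dies with
# "Insecure dependency in open while running with -T switch".
my $ok = eval { open(my $fh, ">", $path) or die "open: $!"; close $fh; 1 };
print "open with tainted path: ", ($ok ? "succeeded\n" : "blocked: $@");

# Untainting: validate against an allow-list and use the captured group.
# The capture ($1, here bound to $safe) is the documented way to clear
# the taint flag; the allow-list itself is a choice made for this example.
if (my ($safe) = $input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) {
    printf "validated copy   tainted=%d\n", tainted($safe) ? 1 : 0;
    open(my $fh, ">", "/tmp/$safe") or die "open: $!";
    close $fh;
    print "open with validated path: succeeded\n";
} else {
    die "rejected filename: does not match the allow-list\n";
}
```

Run it as perl -T taint_demo.pl report.txt. The -T switch has to be given on the command line (or the script started directly through its shebang line); running perl taint_demo.pl with -T only in the shebang aborts with "Too late for -T switch". Rerun with an argument such as 'evil;name' to see the allow-list reject it before any file is opened.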

Example

The following Perl code is dangerous: it interpolates the unchecked value of $name straight into a SQL statement, a classic SQL injection vulnerability.

    #!/usr/bin/perl                     # taint checking is turned on with the -T switch: #!/usr/bin/perl -T
    use CGI;
    use DBI;
    my $cgi  = CGI->new;
    my $name = $cgi->param("name");     # Get the name from the browser (a taint source)
    ...                                 # connect to the database, obtaining the handle $dbh
    $dbh->{TaintIn} = 1;                # Ask DBI to check its arguments for taint
    my $sth = $dbh->prepare("SELECT * FROM users WHERE name = '$name';");   # Build a SQL query from tainted data
    $sth->execute;                      # Execute the SQL query

If taint checking is turned on, the program dies with an "Insecure dependency" error instead of running the query, because a tainted variable is being used to build a SQL statement. Without taint checking, a user could enter foo'; DROP TABLE users --, and if the database driver accepts more than one statement per call, that deletes the entire users table. Much safer is to validate $name against an allow-list (in Perl, a regular-expression capture is what removes the taint) and then pass it to the query as a bound placeholder parameter, or at the very least to quote it as a SQL string literal with $dbh->quote, so that nothing embedded in $name is interpreted as SQL.

One thing to note is that Perl's DBI only checks its SQL strings and bind values for taint when the TaintIn attribute is set on the database handle in addition to Perl running in taint mode (-T); taint mode alone does not make DBI refuse tainted SQL, because TaintIn defaults to off.
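
The same query run under taint mode, first as written above and then in a hardened form, as an added example that is not part of the original article. It assumes DBD::SQLite is installed and uses an in-memory database with two constructed rows in place of the real users table; the input comes from the command line rather than from CGI, and the name allow-list is a choice made for this example.

```perl
#!/usr/bin/perl -T
# Added example (not from the original article): the article's query under
# taint mode with DBI's TaintIn attribute, followed by the hardened form.
# Assumes DBD::SQLite; an in-memory database stands in for the users table.
use strict;
use warnings;
use DBI;

# Under -T, @ARGV is a taint source, just as CGI parameters are.
my $name = shift @ARGV // die "usage: perl -T $0 NAME\n";

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
# Constructed sample data for the example.
$dbh->do("CREATE TABLE users (name TEXT, role TEXT)");
$dbh->do("INSERT INTO users VALUES ('alice', 'admin'), ('o''brien', 'user')");

# 1. The article's query, interpolating the tainted value. TaintIn is off by
#    default, so DBI does not inspect its arguments and the query runs
#    (or fails on a SQL syntax error, depending on what was typed).
my $rows = eval {
    $dbh->selectall_arrayref("SELECT * FROM users WHERE name = '$name'");
};
print "TaintIn off: ",
    ($rows ? sprintf("query ran, %d row(s)\n", scalar @$rows) : "SQL error: $@");

# 2. With TaintIn set, the identical call dies with
#    "Insecure dependency in parameter 1 of ... prepare method call".
$dbh->{TaintIn} = 1;
my $ran = eval {
    $dbh->selectall_arrayref("SELECT * FROM users WHERE name = '$name'");
    1;
};
print "TaintIn on:  ", ($ran ? "query ran\n" : "blocked: $@");

# 3. Hardened: validate with an allow-list regex (the capture untaints the
#    copy) and pass the value as a bound parameter, never as SQL text.
#    TaintIn checks bind values too, so $safe must be the untainted copy.
my ($safe) = $name =~ /\A([A-Za-z0-9_.' -]{1,64})\z/
    or die "rejected name: contains characters outside the allow-list\n";
my $sth = $dbh->prepare("SELECT name, role FROM users WHERE name = ?");
$sth->execute($safe);
while (my ($n, $r) = $sth->fetchrow_array) {
    print "match: $n ($r)\n";   # a quote in the name is matched literally
}
```

Try it with perl -T dbi_taint.pl alice, then with "o'brien" to see the placeholder handle an embedded quote, and then with "foo'; DROP TABLE users --", which step 2 blocks and step 3 rejects because of the semicolon. The allow-list deliberately admits an apostrophe: with bound parameters the character is data, not SQL, so the validation only has to express what a name may contain.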

External links

* [http://www.w3.org/Security/Faq/wwwsf4.html#CGI-Q15 Guidelines from the W3C about taint-checking CGI scripts]
* [http://perldoc.perl.org/perlsec.html perlsec] - Perl security documentation


Wikimedia Foundation. 2010.