Questions tagged [code-security]

Code security is the practice of protecting source code and compiled software against theft and unauthorized distribution.

37 questions

Why does the US government disallow dynamic languages for secure projects?

I know some people that are currently working on a project for the US military (low security level, non-combat human resources type data). An initial state of the project code was submitted to the military for review, and they ran the program…
Patrick

How safe & trustworthy are hosting sites such as sourceforge, github or bitbucket for closed-source projects?

I am considering using sourceforge, bitbucket or github for managing source control for my business. I have open projects and I participate in open projects such as gcc. But I also have a business where I develop closed-source software for my…
emsr

How to protect software from being deleted by antivirus?

I work for a publishing company and we are making interactive software that accompanies our books. The problem is that many clients complain that the antivirus keeps deleting parts of the software, especially the .exe files. Which is the best way to…
GabrielSC

How can I prevent a client from seeing my code written in an interpreted language?

I'm building a fairly complex interpreted program in Python. I've been working on most of this code for other purposes for a few months, and therefore don't want my client to be able to simply copy and try to sell it, as I think it's worth a fair…
James Eggers

How can we avoid showing the literal path in the exception's stack trace?

When our in-house developed application (C#, ASP.NET) is throwing an exception, it displays a stack trace that contains path information like C:\users\DEVELOPER_FULL_NAME\path\some-module.cs. So it shows the full name of the developer who compiled…
ChristianH

Keeping secrets out of source control - are we just moving the problem?

I inherited some projects in which secrets were in source control in App.config and similar files. Fortunately it's not a public repository so the risk isn't as serious as it could have been. I'm looking into better ways to manage this, such as…
StackOverthrow

Are there any free tools to measure a web project's performance, security and other standards?

Are there any open-source tools to measure the standard of a web application project? I want to verify my project for: possible security leaks (SQL injection etc.), performance, stability (in a highly concurrent environment) and other quality metrics.
RPK

Enforcing manual inclusion of a specific header file (banned.h)

Banned.h is a list of ANSI C functions that Microsoft is trying to persuade programmers to deprecate. I already know how to enforce automatic inclusion of banned.h (such as the answer to Ensuring that headers are explicitly included in CPP file).…
AHelps

How can we protect the namespace of an object in Javascript?

Continuing from my previous question: Javascript simple code to understand prototype-based OOP basics. Let's say we run these two separate objects in the console (even though they are called child and parent, there is no inheritance between them): var parent…
Eduard Florinescu

Is it safe to only use intval to sanitize user input for a database select?

Is it safe to only use intval to sanitize the user input for a database select, as in the following example? $id = intval($_GET['id']); $query = "SELECT * FROM table WHERE id='$id'";
Dahoon

CSRF protection with CodeIgniter

I have very little knowledge of application security. I have often seen that, to protect an application from CSRF attacks, developers use tokens and pass these tokens with the request to validate it. I want to know if I just validate that the request is coming from…
Shayan Husaini

If a code inspection tool finds a "heap inspection" vulnerability, is that relevant if the code is for a web app running on a private server?

Recently, at the organization I work for, we've been using a static code inspection tool. One of the more interesting findings is that private information, such as passwords, may be stored in the heap where it could potentially be intercepted by an…
Vivian River

Securing the database username and password in a web framework

In most web applications that deal with a database, one has to enter the DB creds in a settings or config file, like the DATABASES variable in settings.py in Django. What is the general practice to secure the creds such that only a selected few in the…

What should I do when I find sensitive information in version control?

Today I found what looked to be my supervisor's password in some code in version control. The password is to a database. He is very experienced and has explained before how to avoid having passwords in the source code. How should I handle this…

Locking access to a Class Library (C#)

I have been tasked with designing a class library that I am loath to actually build. It is basically a huge backdoor to our software security. The idea was that it would only be accessible from one terminal on a closed system. I plan to lock my…