Nataly_w [17]
3 years ago
13

Consider the following general code for allowing access to a resource:

Computers and Technology
1 answer:
Margaret [11]3 years ago
6 0

Answer:

a) The code allows access even when the IsAccessAllowed(...) method fails.

b) Either use

if (dwRet == ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid the flaw.

Explanation:

Let's first see what the code chunk does:

DWORD dwRet = IsAccessAllowed(...);
if (dwRet == ERROR_ACCESS_DENIED) {
    // Security check failed.
    // Inform user that access is denied.
} else {
    // Security check OK.
}

In the given code, DWORD is basically a data type for double-word integers, and this is defined in windows.h.

So there is a DWORD type variable dwRet that is assigned a method call.

The method is IsAccessAllowed(), which checks if access is allowed to the user.

The if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of the DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED.

If this condition evaluates to true, then the security check fails and the user is informed via some message or action that access is denied. But when the if condition evaluates to false, the else part executes, which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is what if the method IsAccessAllowed() fails for any reason. The reasons can be system failure or memory failure. In the memory failure case, for example, the system returns an out of memory error. So this means that the error is not ERROR_ACCESS_DENIED. Instead it is an out of memory error. So in such a case the user is allowed access, as the if condition evaluates to false and the else part executes. So if any other error is produced due to some reason like those mentioned above, then the user has unrestricted access.

This shows that the code should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access, but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

DWORD dwRet = IsAccessAllowed(...);
if (dwRet == ACCESS_ALLOWED) {
    // Security check OK.
} else {
    // Security check failed.
    // Inform user that access is denied.
}

This will only allow access if ACCESS_ALLOWED evaluates to true, and success is checked instead of failure here.

You can also alter the if condition as:

if (dwRet == NO_ERROR)

or

if (dwRet == 0)

The above if conditions check if the access is allowed or if no error is produced. Only then will it allow access, otherwise not. So the access check is a success is checked first and failure (for any reason). The user is allowed access only if there is no error; otherwise the user is not allowed access.
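The difference between the two checks, as an added example that is not part of the original answer: the same return codes are run through the gate from the question and through the corrected gate. The body of IsAccessAllowed, its parameters and the sample ACL are hypothetical stand-ins; the error values are the winerror.h numbers, defined locally so the code builds off Windows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD;              /* stand-in for the windows.h type */
/* Numeric values as in winerror.h, defined locally so this builds off Windows. */
#define NO_ERROR                0u
#define ERROR_ACCESS_DENIED     5u
#define ERROR_OUTOFMEMORY       14u
#define ERROR_INVALID_PARAMETER 87u

/* Hypothetical stand-in for IsAccessAllowed(...): checks a constructed ACL.
   simulate_oom forces the check itself to fail before it reaches a decision. */
static DWORD IsAccessAllowed(const char *user, int simulate_oom)
{
    static const char *acl[] = { "alice", "bob" };
    if (user == NULL) return ERROR_INVALID_PARAMETER;
    if (simulate_oom) return ERROR_OUTOFMEMORY;
    for (size_t i = 0; i < sizeof acl / sizeof acl[0]; i++)
        if (strcmp(user, acl[i]) == 0) return NO_ERROR;
    return ERROR_ACCESS_DENIED;
}

/* Gate from the question: everything except one specific error is "OK". */
static int grant_fail_open(DWORD dwRet)   { return dwRet != ERROR_ACCESS_DENIED; }
/* Corrected gate: only an explicit success grants access. */
static int grant_fail_closed(DWORD dwRet) { return dwRet == NO_ERROR; }

int main(void)
{
    /* Constructed cases: allowed user, unknown user, check failing, bad input. */
    struct { const char *user; int oom; } cases[] = {
        { "alice", 0 }, { "mallory", 0 }, { "mallory", 1 }, { NULL, 0 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        DWORD r = IsAccessAllowed(cases[i].user, cases[i].oom);
        printf("%-8s ret=%2u fail-open=%d fail-closed=%d\n",
               cases[i].user ? cases[i].user : "(null)", (unsigned)r,
               grant_fail_open(r), grant_fail_closed(r));
    }
    return 0;
}
```

The two gates disagree only on the rows where the check itself failed (out of memory, invalid parameter), which is the case the answer describes.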
