All categories

3 years ago

Consider the following general code for allowing access to a resource:

Computers and Technology

1 answer:

Margaret [11]3 years ago

6 0

Answer:

a) The code allows access even when IsAccessAllowed(...) method fails.

b) Either use If

(dwRet = ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid flaw

Explanation:

Lets first see what the code chunk does:

DWORD dwRet = IsAccessAllowed(...);

if (dwRet == ERROR_ACCESS_DENIED) {

// Security check failed.

// Inform user that access is denied.

} else {

// Security check OK.

}

In the given code, DWORD is basically a data type for double word type integers and this is defined in windows.h

So there is DWORD type variable dwRet that is assigned a method calls.

The method is IsAccessAllowed() which checks if the access is allowed to user.

if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED

If this condition evaluates to true then the security checks fails and user is informed via some message or action that the access is denied. But when the if condition evaluates to false then the else part executes which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is what if the method IsAccessAllowed() by any reason. The reasons can be system failure or the memory failure. In memory failure case for example, the system returns out of memory error. So this means that the error is not ERROR_ACCESS_DENIED. Instead it is out of memory error. So in such a case the user is allowed access as the if condition evaluates to false and else part executes. So if any other error is produced due to some reason like mentioned above, then user has unrestricted access.

This shows that the doe should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

DWORD dwRet = IsAccessAllowed(...);

If (dwRet = ACCESS_ALLOWED) {

//Security check OK.

} else {

//Security check failed.

//Inform user that access is denied.

}

This will only allow access if ACCESS_ALLOWED evaluates to true and success is checked instead of failure here

You can also alter the if condition as:

If (dwRet = No_Error)

If (dwRet = 0)

The above if conditions checks if the access is allowed or if no error is produced. Only then it will allowed access otherwise not. So the access check is a success is checked first and failure (for any reason). The user is allowed access only if there is no error otherwise user is not allowed access.

You might be interested in

In this lesson you wrote code to make the turtle draw squares. Briefly describe how the code for

ale4655 [162]

Explanation:

that programming language you must use?

3 0

3 years ago

When she manages a software development project, Candace uses a program called __________, because it supports a number of progr

alexandr402 [8]

Answer:

PLS programming language supporting.

Explanation:

7 0

3 years ago

Research 3 distributions that utilize the big data file systems approaches, and summarize the characteristics and provided funct

OlgaM077 [116]

Answer:

Explanation:

1: The three most popular data systems that make use of Big Data file systems approach are:

The HDFS (Hadoop Distributed File System), Apache Spark, and Quantcast File System(QFS).

HDFS is the most popular among these and it makes use of the MapReduce algorithm to perform the data management tasks. It can highly tolerate faults and can run on low-cost hardware. It was written in Java and it is an open-source software.

Apache Spark makes use of Resilient Distributed Data (RDD) protocol. It is much faster and lighter than the HDFS and it can be programmed using a variety of languages such as Java, Scala, Python, etc. Its main advantage over HDFS is that it is highly scalable.

While QFS was developed as an alternative to the HDFS and it is also highly fault-tolerant and with space efficient. It makes use of the Reed-Solomon Error Correction technique to perform the task of data management.

2: The NewSQL databases were developed as a solution to the scalability challenges of the monolithic SQL databases. They were designed to allow multiple nodes in the context of an SQL database without affecting the replication architecture. It worked really well during the starting years of the cloud technology. Some of the databases that make use of New SQL technology are Vitess, Citus, etc.

Vitess was developed as an automatic sharding solution to the MySQL. Every MySQL instance acts as a shard of the overall database and each of these instances uses standard MySQL master-slave replication to ensure higher availability.

While, Citus is a PostgreSQL equivalent of the Vitess. It ensures transparent sharding due to which it accounts for horizontal write scalability to PostgreSQL deployments.

NoSQL database technology was developed to provide a mechanism for the storage and retrieval of data that is modeled in a way other than the tabular relations used in the traditional databases (RDBMS). The most popular database that makes use of the NoSQL technology is MongoDB. It functions as a cross-platform document-oriented database. It is known for its ability to provide high availability of replica sets. A replica set is nothing but a bundle of two or more copies of the data

3 0

3 years ago

Program:

Mkey [24]

Answer:

See explaination

Explanation:

#method to print menu & handle user choice

def print_menu(input_str):

#printing menu

print('MENU')

print('c - Number of non-whitespace characters')

print('w - Number of words')

print('f - Fix capitalization')

print('r - Replace punctuation')

print('s - Shorten spaces')

print('q - Quit\n')

#getting choice

choice=input('Choose an option: ').lower()

#identifying choice

if choice=='c':

#displaying number of non white space chars in input_str

print('Number of non-whitespace characters:',get_num_of_non_WS_characters(input_str))

elif choice=='w':

#displaying number of words in input_str

print('Number of words:',get_num_of_words(input_str))

elif choice=='f':

#fixing capitalization and getting updated string and count of values capitalized

input_str,count=fix_capilization(input_str)

#displaying results

print('Number of letters capitalized:',count)

print('Edited text:',input_str)

elif choice=='r':

#replacing punctuation, displaying updated text

input_str=replace_punctuation(input_str)

print('Edited text:', input_str)

elif choice=='s':

#shortening spaces and displaying updated text

input_str = shorten_space(input_str)

print('Edited text:', input_str)

#returning choice and input_str

return choice,input_str

#returns the number of non white space chars in input_str

def get_num_of_non_WS_characters(input_str):

count=0

#looping through each character in input_str

for i in input_str:

if not i.isspace():

#i is not a space

count+=1

return count

#returns the number of words in input_str

def get_num_of_words(input_str):

#splitting words into list of tokens by space

words=input_str.split(' ')

count=0

#counting all non empty strings in words list

for i in words:

if len(i)>0:

count+=1

return count

#method to fix capitalization and return updated string and count of letters updated

def fix_capilization(input_str):

count=0

beginning=True #starting letter should be capitalized

result=''

for i in input_str:

if beginning and i.isalpha():

#start of a sentence and i is alphabetic

if i.islower():

#converting i to upper case, incrementing count

i=i.upper()

count+=1

result+=i

#not start of a sentence

beginning=False

elif i in '?.!':

#i is either ? or . or !, next letter should be capitalized

beginning=True

result+=i

else:

#any other character

result+=i

return result,count

#method to replace exclamation and semicolons with period and comma respectively

def replace_punctuation(input_str,exclamationCount =0,semicolonCount=0):

result=''

for i in input_str:

if i=='!':

i='.'

exclamationCount+=1

elif i==';':

i=','

semicolonCount+=1

result+=i

print('Punctuation replaced')

#displaying replaced values counts

print('exclamationCount:',exclamationCount)

print('semicolonCount:',semicolonCount)

return result

#removes all double or more spaces in input_str

def shorten_space(input_str):

input_str=input_str.strip()

result=''

prev=None

for i in input_str:

if prev==None:

result+=i

elif i==' ':

if prev != ' ':

result+=i

else:

result+=i

prev=i

return result

if __name__ == '__main__':

#getting input, printing it

input_str=input('Enter a sample text:\n')

print('\nYou entered:',input_str)

choice=' '

#looping until choice becomes q

while choice!='q':

choice,input_str=print_menu(input_str)

7 0

3 years ago

Kristen wants to view the records of her database in ascending order. What should she do?

Elanso [62]

the answer is Sort the table

6 0

3 years ago

Read 2 more answers