Nataly_w [17]
3 years ago
13

Consider the following general code for allowing access to a resource:

Computers and Technology
1 answer:
Margaret [11]3 years ago
6 0

Answer:

a) The code allows access even when the IsAccessAllowed(...) method fails.

b) Either use

if (dwRet == ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid the flaw.

Explanation:

Let's first see what the code chunk does:

    DWORD dwRet = IsAccessAllowed(...);
    if (dwRet == ERROR_ACCESS_DENIED) {
        // Security check failed.
        // Inform user that access is denied.
    } else {
        // Security check OK.
    }

In the given code, DWORD is basically a data type for double word type integers, and this is defined in windows.h.

So there is a DWORD type variable dwRet that is assigned a method call.

The method is IsAccessAllowed() which checks if the access is allowed to user.

The if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of the DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED.

If this condition evaluates to true then the security check fails and the user is informed via some message or action that the access is denied. But when the if condition evaluates to false then the else part executes, which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is: what if the method IsAccessAllowed() fails for any reason? The reasons can be system failure or memory failure. In the memory failure case, for example, the system returns an out of memory error. So this means that the error is not ERROR_ACCESS_DENIED. Instead it is an out of memory error. So in such a case the user is allowed access, as the if condition evaluates to false and the else part executes. So if any other error is produced due to some reason like those mentioned above, then the user has unrestricted access.

This shows that the code should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access, but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

    DWORD dwRet = IsAccessAllowed(...);
    if (dwRet == ACCESS_ALLOWED) {
        // Security check OK.
    } else {
        // Security check failed.
        // Inform user that access is denied.
    }

This will only allow access if ACCESS_ALLOWED evaluates to true, and success is checked instead of failure here.

You can also alter the if condition as:

    if (dwRet == NO_ERROR)

or

    if (dwRet == 0)

The above if conditions check if the access is allowed or if no error is produced. Only then will it allow access, otherwise not. So whether the access check is a success is checked first, and then failure (for any reason). The user is allowed access only if there is no error; otherwise the user is not allowed access.
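The difference between the two checks, as an added example that is not part of the original answer: both patterns are run against every outcome of the access check, including the out-of-memory case the explanation describes. The IsAccessAllowed stub and its outcome_t parameter are hypothetical, and the error constants are redefined locally (with their winerror.h numeric values) so the file builds without windows.h.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t DWORD;              /* stand-in for the windows.h type */

/* Same numeric values as winerror.h, redefined so this builds anywhere. */
#define NO_ERROR                0u
#define ERROR_ACCESS_DENIED     5u
#define ERROR_NOT_ENOUGH_MEMORY 8u

/* Hypothetical stub: the caller chooses how the access check turns out. */
typedef enum { CHECK_GRANTS, CHECK_DENIES, CHECK_OUT_OF_MEMORY } outcome_t;

static DWORD IsAccessAllowed(outcome_t o)
{
    switch (o) {
    case CHECK_GRANTS: return NO_ERROR;
    case CHECK_DENIES: return ERROR_ACCESS_DENIED;
    default:           return ERROR_NOT_ENOUGH_MEMORY; /* check itself failed */
    }
}

/* Pattern from the question: only one specific failure denies access,
   so every other error code falls through to "allowed" (fails open). */
int access_fail_open(outcome_t o)
{
    DWORD dwRet = IsAccessAllowed(o);
    if (dwRet == ERROR_ACCESS_DENIED)
        return 0;                    /* denied */
    return 1;                        /* allowed, even on unrelated errors */
}

/* Pattern from the answer: only explicit success grants access,
   so any error, expected or not, ends in "denied" (fails closed). */
int access_fail_closed(outcome_t o)
{
    DWORD dwRet = IsAccessAllowed(o);
    if (dwRet == NO_ERROR)
        return 1;                    /* allowed */
    return 0;                        /* denied for every other return value */
}

int main(void)
{
    static const char *names[] = { "grants", "denies", "out of memory" };
    for (int o = CHECK_GRANTS; o <= CHECK_OUT_OF_MEMORY; o++)
        printf("%-14s fail-open=%d fail-closed=%d\n", names[o],
               access_fail_open((outcome_t)o), access_fail_closed((outcome_t)o));
    return 0;
}
```

The two functions agree on the grant and deny cases; they differ only when the check itself fails.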
