All categories

3 years ago

Consider the following general code for allowing access to a resource:

Computers and Technology

1 answer:

Margaret [11]3 years ago

6 0

Answer:

a) The code allows access even when IsAccessAllowed(...) method fails.

b) Either use If

(dwRet = ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid flaw

Explanation:

Lets first see what the code chunk does:

DWORD dwRet = IsAccessAllowed(...);

if (dwRet == ERROR_ACCESS_DENIED) {

// Security check failed.

// Inform user that access is denied.

} else {

// Security check OK.

}

In the given code, DWORD is basically a data type for double word type integers and this is defined in windows.h

So there is DWORD type variable dwRet that is assigned a method calls.

The method is IsAccessAllowed() which checks if the access is allowed to user.

if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED

If this condition evaluates to true then the security checks fails and user is informed via some message or action that the access is denied. But when the if condition evaluates to false then the else part executes which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is what if the method IsAccessAllowed() by any reason. The reasons can be system failure or the memory failure. In memory failure case for example, the system returns out of memory error. So this means that the error is not ERROR_ACCESS_DENIED. Instead it is out of memory error. So in such a case the user is allowed access as the if condition evaluates to false and else part executes. So if any other error is produced due to some reason like mentioned above, then user has unrestricted access.

This shows that the doe should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

DWORD dwRet = IsAccessAllowed(...);

If (dwRet = ACCESS_ALLOWED) {

//Security check OK.

} else {

//Security check failed.

//Inform user that access is denied.

}

This will only allow access if ACCESS_ALLOWED evaluates to true and success is checked instead of failure here

You can also alter the if condition as:

If (dwRet = No_Error)

If (dwRet = 0)

The above if conditions checks if the access is allowed or if no error is produced. Only then it will allowed access otherwise not. So the access check is a success is checked first and failure (for any reason). The user is allowed access only if there is no error otherwise user is not allowed access.

You might be interested in

The speed of sound depends on the material the sound is passing through. Below is the approximate speed of sound (in feet per se

german

Answer:

The Java Program for the given problem is as below. Directly copy the code and run it on your machine.

Explanation:

Refer the Screenshots attached for the output.

import java.io.BufferedReader;

import java.io.InputStreamReader;

public class TheSpeedOfSound {

public static void main(String[] s)

{

String medium;

double distance;

double time;

try{

BufferedReader choice = new BufferedReader(new InputStreamReader(System.in));

System.out.println("Enter one of the following: air, water, or steel: ");

medium = choice.readLine(); // reading input i.e. air, water or steel

//check for air water and steel

if (medium.equalsIgnoreCase("air") || medium.equalsIgnoreCase("water") || medium.equalsIgnoreCase("steel")){

System.out.println("Enter the distance the sound wave will travel: ");

distance = Double.parseDouble(choice.readLine()); // read distance value if it is air water or steel

switch (medium)

{

//if medium is air

case "air":

time = distance/1100;

System.out.print("It will take " + time + " seconds.");

break;

//if medium is water

case "water":

time = distance/4900;

System.out.print("It will take " + time + " seconds.");

break;

//if medium is steel

case "steel":

time = distance/16400;

System.out.print("It will take " + time + " seconds.");

break;

}

else{

System.out.print("Sorry, you must enter air, water, or steel.");

}

catch(Exception e){

e.printStackTrace();

}

8 0

3 years ago

What are 5 good movies like The Breakfast Club or 8 Mile?

Gnoma [55]

Answer:

The Notebook, Beauty and the Beast, Step Brother, The Breakfast Club and The Little Mermaid

Explanation:

8 0

3 years ago

Read 2 more answers

Identify the hardware components in your own computer. If you don't have a computer, use a friend's, or one at work or in an NVC

sergij07 [2.7K]

Solution :

A friend of mine have an old version of computer PC having the following components :

Input devices

Model name of the keyboard -- PUNTA , model number -- P-KB515

Model name of the mouse -- PUNTA, model number -- P-KB515

Output devices

Speaker : COMPAQ

Monitor : ACER, Model Number --- EB192Q

Storage : 500 MB capacity hard disk

RAM : 2 GB

Processor : Intel Pentium dual E1260 at the rate 1.80 GHz

It is provided with audio jacks

5 0

3 years ago

What is the advertising photographer’s main objective in creating an image?

iren2701 [21]

B. To sell it as a product

8 0

3 years ago

Please debug the below code in Java please.

lisabon 2012 [21]

Answer:

Check the explanation

Explanation:

//Bugs are highlighted in bold text

class Invoice

Declarations

private num invoiceNumber

private string customer

private num balanceDue

private num tax

public void setInvoiceNUMBER(num number)

Declarations

num LOW_NUM = 1000

num HIGH_NUM = 9999

if number > HIGH_NUM then

invoiceNumber = 0

else

if number < LOW_NUM then

invoiceNumber = 0

else

invoiceNumber = num

endif

return

public void setCustomer(string cust)

customer = cust

return

public void setBalanceDue(num balance)

//Bug balanceDue is Invoice class varible

//but it is assigned to balance .it gives error

balance = balanceDue

setTax()

return

private void setTax()

Declarations

//Bug TAX_RATE is declared as string

//but assigned a double value

string TAX_RATE = 0.07

tax = tax * TAX_RATE

return

public void displayInvoice()

output "Invoice #", invoiceNumber

output "Customer: ", customer

output "Due: ", balanceDue

output "Tax: ", taxDue

//Bug

//Invoice class has no variable called balance .it should be balanceDue

output "Total ", balance + taxDue

return

endClass

start

Declarations

Invoice inv1

Invoice inv2

Invoice inv3

//Warning

//it gives warning object taken but not initilaized

Invoice inv4

inv1.setInvoiceNumber(1244)

inv1.setCustomer("Brown")

inv1.setBalanceDue(1000.00)

inv1.displayInvoice()

inv2.setInvoiceNumber(77777)

inv2.setCustomer("Jenkins")

inv2.setBalanceDue(2000.00)

inv2.displayInvoice()

inv3.setInvoiceNumber(888)

inv3.setCustomer("Russell")

inv3.setBalanceDue(3000.00)

//Bug

//setTax method of Invioce doesnot take any arguments

inv3.setTax(210.00)

inv3.displayInvoice()

stop

//Here is the complete program in c++

//Run the program using Microsoft visual studio 2010 vc++

#include<iostream>

#include<iomanip>

#include<string>

using namespace std;

class Invoice

{

//class varibales

private:

int invoiceNumber;

string customer;

double balanceDue;

double tax;

//class methods

public:

void setCustomer(string cus);

void displayInvoice();

void setBalanceDue(double balance);

void setInvoiceNUMBER(int number);

void setTax();

};

void Invoice::displayInvoice()

{

cout<< setw(10)<<"Invoice #"<<setw(5)<<invoiceNumber<<endl;

cout<<setw(10)<<"Customer: "<<setw(5)<<customer<<endl;

cout<<setw(10)<<"Due: "<<setw(5)<<balanceDue<<endl;

cout<<setw(10)<<"Tax: "<<setw(5)<<tax<<endl;

//Bug

//Invoice class has no variable called balance .it should be balanceDue

cout<< "Total "<< balanceDue + tax<<endl;

}

void Invoice::setCustomer(string cust)

{

customer = cust;

}

void Invoice::setInvoiceNUMBER(int number)

{

const int LOW_NUM = 1000;

const int HIGH_NUM = 9999;

if( number > HIGH_NUM )

invoiceNumber = 0;

else

if (number < LOW_NUM )

invoiceNumber = 0;

else

invoiceNumber = number;

}

void Invoice::setBalanceDue(double balance)

{

balanceDue = balance;

}

void Invoice::setTax()

{

double TAX_RATE = 0.07;

tax = balanceDue * TAX_RATE;

}

int main()

{

Invoice inv1;

Invoice inv2;

Invoice inv3;

inv1.setInvoiceNUMBER(1244);

inv1.setCustomer("Brown");

inv1.setBalanceDue(1000.00);

inv1.setTax();

inv1.displayInvoice();

inv2.setInvoiceNUMBER(77777);

inv2.setCustomer("Jenkins");

inv2.setBalanceDue(2000.00);

inv2.setTax();

inv2.displayInvoice();

inv3.setInvoiceNUMBER(888);

inv3.setCustomer("Russell");

inv3.setBalanceDue(3000.00);

inv3.setTax();

inv3.displayInvoice();

system("pause");

return 0;

}

Kindly check the output image below.

5 0

3 years ago