1answer.
Ask question
Login Signup
Ask question
All categories
  • English
  • Mathematics
  • Social Studies
  • Business
  • History
  • Health
  • Geography
  • Biology
  • Physics
  • Chemistry
  • Computers and Technology
  • Arts
  • World Languages
  • Spanish
  • French
  • German
  • Advanced Placement (AP)
  • SAT
  • Medicine
  • Law
  • Engineering
Nataly_w [17]
3 years ago
13

Consider the following general code for allowing access to a resource:

Computers and Technology
1 answer:
Margaret [11]3 years ago
6 0

Answer:

a) The code allows access even when  IsAccessAllowed(...) method fails.

b) Either use If

(dwRet = ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid flaw

Explanation:

Lets first see what the code chunk does:

DWORD dwRet = IsAccessAllowed(...);

if (dwRet == ERROR_ACCESS_DENIED) {

// Security check failed.

// Inform user that access is denied.

} else {

// Security check OK.

}

In the given code, DWORD is basically a data type for double word type integers and this is defined in windows.h

So there is DWORD type variable dwRet that is assigned a method calls.

The method is IsAccessAllowed() which checks if the access is allowed to user.

if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED

If this condition evaluates to true then the security checks fails and user is informed via some message or action that the access is denied.  But when the if condition evaluates to false then the else part executes which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is what if the method IsAccessAllowed() by any reason. The reasons can be system failure or the memory failure. In memory failure case for example, the system returns out of memory error. So this means that the error is not  ERROR_ACCESS_DENIED. Instead it is out of memory error. So in such a case the user is allowed access as the if condition evaluates to false and else part executes. So if any other error is produced due to some reason like mentioned above, then user has unrestricted access.

This shows that the doe should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

DWORD dwRet = IsAccessAllowed(...);

If (dwRet = ACCESS_ALLOWED) {

//Security check OK.

} else {

//Security check failed.

//Inform user that access is denied.

}

This will only allow access if ACCESS_ALLOWED evaluates to true and success is checked instead of failure here

You can also alter the if condition as:

If (dwRet = No_Error)

or

If (dwRet = 0)

The above if conditions checks if the access is allowed or if no error is produced. Only then it will allowed access otherwise not. So the access check is a success is checked first and failure (for any reason). The user is allowed access only if there is no error otherwise user is not allowed access.

You might be interested in
In this lesson you wrote code to make the turtle draw squares. Briefly describe how the code for
ale4655 [162]

Explanation:

that programming language you must use?

3 0
3 years ago
When she manages a software development project, Candace uses a program called __________, because it supports a number of progr
alexandr402 [8]

Answer:

PLS programming language supporting.

Explanation:

7 0
3 years ago
Research 3 distributions that utilize the big data file systems approaches, and summarize the characteristics and provided funct
OlgaM077 [116]

Answer:

Explanation:

1: The three most popular data systems that make use of Big Data file systems approach are:

The HDFS (Hadoop Distributed File System), Apache Spark, and Quantcast File System(QFS).

HDFS is the most popular among these and it makes use of the MapReduce algorithm to perform the data management tasks. It can highly tolerate faults and can run on low-cost hardware. It was written in Java and it is an open-source software.

Apache Spark makes use of Resilient Distributed Data (RDD) protocol. It is much faster and lighter than the HDFS and it can be programmed using a variety of languages such as Java, Scala, Python, etc. Its main advantage over HDFS is that it is highly scalable.

While QFS was developed as an alternative to the HDFS and it is also highly fault-tolerant and with space efficient. It makes use of the Reed-Solomon Error Correction technique to perform the task of data management.

2: The NewSQL databases were developed as a solution to the scalability challenges of the monolithic SQL databases. They were designed to allow multiple nodes in the context of an SQL database without affecting the replication architecture. It worked really well during the starting years of the cloud technology. Some of the databases that make use of New SQL technology are Vitess, Citus, etc.

Vitess was developed as an automatic sharding solution to the MySQL. Every MySQL instance acts as a shard of the overall database and each of these instances uses standard MySQL master-slave replication to ensure higher availability.

While, Citus is a PostgreSQL equivalent of the Vitess. It ensures transparent sharding due to which it accounts for horizontal write scalability to PostgreSQL deployments.

NoSQL database technology was developed to provide a mechanism for the storage and retrieval of data that is modeled in a way other than the tabular relations used in the traditional databases (RDBMS). The most popular database that makes use of the NoSQL technology is MongoDB. It functions as a cross-platform document-oriented database. It is known for its ability to provide high availability of replica sets. A replica set is nothing but a bundle of two or more copies of the data

3 0
3 years ago
Program:
Mkey [24]

Answer:

See explaination

Explanation:

#method to print menu & handle user choice

def print_menu(input_str):

#printing menu

print('MENU')

print('c - Number of non-whitespace characters')

print('w - Number of words')

print('f - Fix capitalization')

print('r - Replace punctuation')

print('s - Shorten spaces')

print('q - Quit\n')

#getting choice

choice=input('Choose an option: ').lower()

#identifying choice

if choice=='c':

#displaying number of non white space chars in input_str

print('Number of non-whitespace characters:',get_num_of_non_WS_characters(input_str))

elif choice=='w':

#displaying number of words in input_str

print('Number of words:',get_num_of_words(input_str))

elif choice=='f':

#fixing capitalization and getting updated string and count of values capitalized

input_str,count=fix_capilization(input_str)

#displaying results

print('Number of letters capitalized:',count)

print('Edited text:',input_str)

elif choice=='r':

#replacing punctuation, displaying updated text

input_str=replace_punctuation(input_str)

print('Edited text:', input_str)

elif choice=='s':

#shortening spaces and displaying updated text

input_str = shorten_space(input_str)

print('Edited text:', input_str)

#returning choice and input_str

return choice,input_str

#returns the number of non white space chars in input_str

def get_num_of_non_WS_characters(input_str):

count=0

#looping through each character in input_str

for i in input_str:

if not i.isspace():

#i is not a space

count+=1

return count

#returns the number of words in input_str

def get_num_of_words(input_str):

#splitting words into list of tokens by space

words=input_str.split(' ')

count=0

#counting all non empty strings in words list

for i in words:

if len(i)>0:

count+=1

return count

#method to fix capitalization and return updated string and count of letters updated

def fix_capilization(input_str):

count=0

beginning=True #starting letter should be capitalized

result=''

for i in input_str:

if beginning and i.isalpha():

#start of a sentence and i is alphabetic

if i.islower():

#converting i to upper case, incrementing count

i=i.upper()

count+=1

result+=i

#not start of a sentence

beginning=False

elif i in '?.!':

#i is either ? or . or !, next letter should be capitalized

beginning=True

result+=i

else:

#any other character

result+=i

return result,count

#method to replace exclamation and semicolons with period and comma respectively

def replace_punctuation(input_str,exclamationCount =0,semicolonCount=0):

result=''

for i in input_str:

if i=='!':

i='.'

exclamationCount+=1

elif i==';':

i=','

semicolonCount+=1

result+=i

print('Punctuation replaced')

#displaying replaced values counts

print('exclamationCount:',exclamationCount)

print('semicolonCount:',semicolonCount)

return result

#removes all double or more spaces in input_str

def shorten_space(input_str):

input_str=input_str.strip()

result=''

prev=None

for i in input_str:

if prev==None:

result+=i

elif i==' ':

if prev != ' ':

result+=i

else:

result+=i

prev=i

return result

if __name__ == '__main__':

#getting input, printing it

input_str=input('Enter a sample text:\n')

print('\nYou entered:',input_str)

choice=' '

#looping until choice becomes q

while choice!='q':

choice,input_str=print_menu(input_str)

7 0
3 years ago
Kristen wants to view the records of her database in ascending order. What should she do?
Elanso [62]

the answer is Sort the table

6 0
3 years ago
Read 2 more answers
Other questions:
  • Make sure to read all of these specifications carefully. Write a function, named array_shifter, that accepts an array of doubles
    12·1 answer
  • What does the do not disturb button do on the iphone?
    12·1 answer
  • Write an application named [LastName]_MultiplicationTable and create a method that prompts the user for an integer value, for ex
    11·1 answer
  • ​ In addition to analyzing logic and program code, a project team usually holds a session with users, called a _____, to review
    5·1 answer
  • Along with an ip address, a subnet mask, and a name server, the other thing required for a computer to operate on a network is a
    15·1 answer
  • Users of an access point share the transmission capacity of the access point. The throughput a user gets is called the ________.
    11·1 answer
  • Write a Java program that prompts the user for an int n. You can assume that 1 ≤ n ≤ 9. Your program should use embedded for loo
    5·1 answer
  • The I/O modules take care of data movement between main memory and a particular device interface.A. TrueB. False
    9·1 answer
  • Good Morning! Please Help!
    15·1 answer
  • The computer stores currently used programs and data in ________.
    9·2 answers
Add answer
Login
Not registered? Fast signup
Signup
Login Signup
Ask question!