C# Security Risks
Question
I am developing a small C# application, that acts as a handler for a certain web-protocol (myprotocol://blafoobar). Thus whenever the user clicks on such a web link, the handler is invoked by Windows. It then parses the URI and performs certain actions.
This of could of course be a security risk. One possible attack vector would be, that an attacker provides a malicious link to the user: "myprotocol://someevilstuff". Then the parsing of the URI would cause my application to expose some unexpected behavior, due to buffer overflows etc. (<- I'm no expert on this).
So I have a bunch of questions:
- Is C# in general more robust against buffer overflows etc. (since eg array bounds are always checked)?
- Is the C# string class rather safe (splitting etc.)?
- Is there some general advice what I should look out for/avoid?
1 answers
solution1
4 ACCPTED 2020-03-04 07:34:27
Is C# in general more robust against buffer overflows
It is, AS IS GOOD WRITTEN C# code - basically you MUST check allocated memory all the time. That said, unless your app explicitly violates trust boundaries (unsafe code, calls into native libraries) you are QUITE safe. 100% is not likely, but a lot of people work on fixing every bug there.
Is the C# string class rather safe (splitting etc.)?
Yes.
Is there some general advice what I should look out for/avoid?
Not really on a technical level. On a logical level - make the possible attack vector as small as possible, ie do not JUST delete things etc. and validate the input makes sense.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.