Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Re: Is this code secure, can I test it on my machine?

by Krambambuli (Deacon)
on May 24, 2010 at 07:20 UTC ( #841332=note: print w/ replies, xml ) Need Help??

in reply to Is this code secure, can I test it on my machine?

I'm afraid I'll frighten you with this, although it's rather obvious:

some code is "really secure", translates to "that code does nothing else than what it is supposed to do, ever, in any circumstances".

Which is the same as telling "that code has no known or unknown bug, present or future".

errr... You got my point :)

On the other hand, if you just wish to check that the code doesn't pro-actively spy out it's environment and send out passwords or the like, running it for a while on a virtual machine or in a chrooted environment and setting a Net filter around it to see if there is any suspect network activity is not hard to do.

Also, on the test machine, you could set up a file checksum app (Tripwire, AIDE, integrit, yafic, ...) that might help in making sure that none of the files in the working environment haven't been altered during the tests.

Even so, you'll catch just a tiny fraction of the possible gotchas.

It's like in real life: the better you're looking, the more dangers you'll see.

(Who would ever drink from the "clean" water at which she'd had a look through a good microscope before that...? :) ).
  • Comment on Re: Is this code secure, can I test it on my machine?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://841332]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (3)
As of 2016-07-26 04:56 GMT
Find Nodes?
    Voting Booth?
    What is your favorite alternate name for a (specific) keyboard key?

    Results (231 votes). Check out past polls.