
Re: Is this code secure, can I test it on my machine?

by Krambambuli (Curate)
on May 24, 2010 at 07:20 UTC


in reply to Is this code secure, can I test it on my machine?

I'm afraid I'll frighten you with this, although it's rather obvious:

some code is "really secure", translates to "that code does nothing else than what it is supposed to do, ever, in any circumstances".

Which is the same as saying "that code has no known or unknown bug, present or future".

errr... You got my point :)

On the other hand, if you just wish to check that the code doesn't pro-actively spy out its environment and send out passwords or the like, running it for a while on a virtual machine or in a chrooted environment and setting a Net filter around it to see if there is any suspect network activity is not hard to do.

Also, on the test machine, you could set up a file checksum app (Tripwire, AIDE, integrit, yafic, ...) that might help in making sure that none of the files in the working environment have been altered during the tests.

Even so, you'll catch just a tiny fraction of the possible gotchas.

It's like in real life: the better you're looking, the more dangers you'll see.

(Who would ever drink from the "clean" water at which she'd had a look through a good microscope before that...? :) ).