10 lines
876 B
Plaintext
10 lines
876 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
Regarding the execution of unknown code, the best solution is to not run code provided by an untrusted source. If you really need to do it, run the code in a https://en.wikipedia.org/wiki/Sandbox_(computer_security)[sandboxed] environment. Use jails, firewalls and whatever means your operating system and programming language provide (example: https://wiki.sei.cmu.edu/confluence/display/java/SEC54-J.+Create+a+secure+sandbox+using+a+security+manager[Security Managers] in java, https://www.w3schools.com/tags/att_iframe_sandbox.asp[iframes] and https://en.wikipedia.org/wiki/Same-origin_policy[same-origin policy] for javascript in a web browser).
|
|
|
|
|
|
Do not try to create a blacklist of dangerous code. It is impossible to cover all attacks that way.
|
|
|
|
|
|
Avoid using dynamic code APIs whenever possible. Hard-coded code is always safer.
|