About: Taint checking

An Entity of Type: work, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Taint checking is a feature in some computer programming languages, such as Perl, Ruby or Ballerina designed to increase security by preventing malicious users from executing commands on a host computer. Taint checks highlight specific security risks primarily associated with web sites which are attacked using techniques such as SQL injection or buffer overflow attack approaches.

Property Value
dbo:abstract
  • Taint checking is a feature in some computer programming languages, such as Perl, Ruby or Ballerina designed to increase security by preventing malicious users from executing commands on a host computer. Taint checks highlight specific security risks primarily associated with web sites which are attacked using techniques such as SQL injection or buffer overflow attack approaches. (en)
  • 污点检验是某些程序语言所拥有的特性,例如Perl和Ruby,可用于增加安全性和避免恶意用户在主机上执行命令。污点会检验突出的安全风险,一般来说这些风险与那些使用SQL注入或缓冲区溢出攻击的网站相关。 污点检验的原理是任何变量(例如在网页表单区域的一个变量集)能够被外部用户修改,从而造成了潜在的安全危险。如果该变量被一个表达式赋值给第二个变量,那么第二变量也是可疑的。污点检验工具在变量间传递运行,直到外部输入潜在地影响到所有的变量。如果这些变量中任何一个变量被用于执行危险命令(例如对SQL数据库或主机操作系统的直接命令),污点检检验工具将警告该程序正在使用有潜在危险的污点变量。程序员可以通过重新设计程序来避免因危险的输入而导致的安全问题。 污点检验能够被视为一个无界面全面验证的保守近似或者是更一般化的概念。因为系统中的信息流不能通过检验一个简单的执行追踪而被验证,污点分析的结果将必然地反映关于该系统信息流特征的近似信息。 (zh)
dbo:wikiPageExternalLink
dbo:wikiPageID
  • 3906986 (xsd:integer)
dbo:wikiPageLength
  • 5789 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID
  • 1086540277 (xsd:integer)
dbo:wikiPageWikiLink
dbp:wikiPageUsesTemplate
dcterms:subject
gold:hypernym
rdf:type
rdfs:comment
  • Taint checking is a feature in some computer programming languages, such as Perl, Ruby or Ballerina designed to increase security by preventing malicious users from executing commands on a host computer. Taint checks highlight specific security risks primarily associated with web sites which are attacked using techniques such as SQL injection or buffer overflow attack approaches. (en)
  • 污点检验是某些程序语言所拥有的特性,例如Perl和Ruby,可用于增加安全性和避免恶意用户在主机上执行命令。污点会检验突出的安全风险,一般来说这些风险与那些使用SQL注入或缓冲区溢出攻击的网站相关。 污点检验的原理是任何变量(例如在网页表单区域的一个变量集)能够被外部用户修改,从而造成了潜在的安全危险。如果该变量被一个表达式赋值给第二个变量,那么第二变量也是可疑的。污点检验工具在变量间传递运行,直到外部输入潜在地影响到所有的变量。如果这些变量中任何一个变量被用于执行危险命令(例如对SQL数据库或主机操作系统的直接命令),污点检检验工具将警告该程序正在使用有潜在危险的污点变量。程序员可以通过重新设计程序来避免因危险的输入而导致的安全问题。 污点检验能够被视为一个无界面全面验证的保守近似或者是更一般化的概念。因为系统中的信息流不能通过检验一个简单的执行追踪而被验证,污点分析的结果将必然地反映关于该系统信息流特征的近似信息。 (zh)
rdfs:label
  • Taint checking (en)
  • 污点检验 (zh)
owl:sameAs
prov:wasDerivedFrom
foaf:isPrimaryTopicOf
is dbo:wikiPageDisambiguates of
is dbo:wikiPageRedirects of
is dbo:wikiPageWikiLink of
is foaf:primaryTopic of
Powered by OpenLink Virtuoso    This material is Open Knowledge     W3C Semantic Web Technology     This material is Open Knowledge    Valid XHTML + RDFa
This content was extracted from Wikipedia and is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License