This documentation is archived and is not being maintained.

Security Recommendations (Visual J#)

Visual Studio 2005

Security should be an essential consideration in all phases of application development. The following sections provide some suggestions for increasing the security of your applications.

Visual J# Specific Security Recommendations

The following is not a complete list of potential security problems, but it highlights some common issues of which Visual J# developers need to be aware:

  • Buffer overruns are a major security concern. Always use caution when copying data into a buffer and ensure that your code cannot write or read outside the buffer. Do not copy unchecked user input into a buffer, or allow unconfirmed size parameters to define the range of data being copied.

  • Do not make decisions based on file names. File names can be expressed in many different ways, and your test for a particular file may be bypassed.

  • Never hard-code passwords or other sensitive information into your application.

  • Always validate input that is used to generate SQL queries.

  • Do not display exception information. It provides attackers with valuable clues.

  • Make sure that your application works while running with the fewest possible privileges. Few applications require a user to be logged in as an administrator.

  • Do not store sensitive information in XML or other configuration files.

  • Use caution when using delegates passed from outside your application.

  • Run FxCop on your assemblies to ensure compliance with Microsoft .NET Framework Design Guidelines. FxCop can also find and warn against over 200 code defects.
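
The file-name item in the list above, shown as an added example (not part of the original documentation): a decision made on the raw string gives a different answer for each spelling of the same file, while comparing canonical paths does not. It is written in Java-language syntax and assumes `java.io.File.getCanonicalPath` is available in the class library you target; the class name, method names and sample paths are hypothetical.

```java
import java.io.File;
import java.io.IOException;

// Added example: compare canonical paths, not the spelling the caller supplied.
public class FileNameCheck {

    // Weak form: decides on the raw string, so any alternate spelling of the
    // same file gives a different answer.
    static boolean isBlockedNaive(String name, String blockedName) {
        return name.equals(blockedName);
    }

    // Stronger form: resolve both names to canonical form first, so ".",
    // ".." and relative prefixes collapse to one absolute path.
    static boolean isBlockedCanonical(String name, String blockedName)
            throws IOException {
        String a = new File(name).getCanonicalPath();
        String b = new File(blockedName).getCanonicalPath();
        return a.equals(b);
    }

    // Allow-list form: accept a file only if its canonical path lies under
    // the canonical base directory.
    static boolean isInside(String baseDir, String name) throws IOException {
        String base = new File(baseDir).getCanonicalPath();
        String full = new File(base, name).getCanonicalPath();
        return full.startsWith(base + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample names; "data" and "settings.cfg" are hypothetical.
        String blocked = "data" + File.separator + "settings.cfg";
        String[] spellings = {
            blocked,
            "." + File.separator + blocked,
            "data" + File.separator + "." + File.separator + "settings.cfg",
            "data" + File.separator + "tmp" + File.separator + ".."
                   + File.separator + "settings.cfg"
        };
        for (int i = 0; i < spellings.length; i++) {
            System.out.println(spellings[i]
                + "  naive=" + isBlockedNaive(spellings[i], blocked)
                + "  canonical=" + isBlockedCanonical(spellings[i], blocked));
        }
        System.out.println(isInside("data", "settings.cfg"));
        System.out.println(isInside("data", ".." + File.separator + "other.cfg"));
    }
}
```

Where possible, prefer the allow-list form (`isInside`) over a block list, and apply operating-system access controls to the file itself rather than relying on a name test alone.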
