
Security Recommendations (Visual J#)

Visual Studio 2005

Security should be an essential consideration in all phases of application development. The following sections provide some suggestions for increasing the security of your applications.

Visual J# Specific Security Recommendations

The following is not a complete list of potential security problems, but it highlights some common issues of which Visual J# developers need to be aware:

  • Buffer overruns are a major security concern. Always use caution when copying data into a buffer and ensure that your code cannot write or read outside the buffer. Do not copy unchecked user input into a buffer, or allow unconfirmed size parameters to define the range of data being copied.

  • Do not make decisions based on file names. File names can be expressed in many different ways, and your test for a particular file may be bypassed.

  • Never hard-code passwords or other sensitive information into your application.

  • Always validate input that is used to generate SQL queries.

  • Do not display exception information. It provides attackers with valuable clues.

  • Make sure that your application works while running with the fewest possible privileges. Few applications require a user to be logged in as an administrator.

  • Do not store sensitive information in XML or other configuration files.

  • Use caution when using delegates passed from outside your application.

  • Run FxCop on your assemblies to ensure compliance with Microsoft .NET Framework Design Guidelines. FxCop can also find and warn against over 200 code defects.
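
The file-name recommendation above, shown as an added example that is not part of the original page: a check against one spelling of a name, next to a check made on the resolved path. It is written in Java syntax with `java.io.File`, on the assumption that this class is available in the Visual J# class library; the class name, directory layout and sample names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public class FileNameDecision {
    // Constructed layout: data/secret.txt must never be served,
    // data/public/ holds the files that may be.
    static final File BASE = new File("data");
    static final File PUBLIC_DIR = new File(BASE, "public");

    // Weak check: blocks one spelling of the protected file's name.
    static boolean naiveAllows(String name) {
        return !name.equals("secret.txt");
    }

    // Resolve the name first, then decide by location. Returns the canonical
    // path if it lies inside PUBLIC_DIR, otherwise null.
    static String resolveInsidePublic(String name) throws IOException {
        String root = PUBLIC_DIR.getCanonicalPath();
        if (!root.endsWith(File.separator)) {
            root = root + File.separator;
        }
        String target = new File(BASE, name).getCanonicalPath();
        return target.startsWith(root) ? target : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample names: the last two refer to the same file as
        // "secret.txt" but are spelled differently.
        String[] names = {
            "public/report.txt",
            "secret.txt",
            "./secret.txt",
            "public/../secret.txt"
        };
        for (int i = 0; i < names.length; i++) {
            String resolved = resolveInsidePublic(names[i]);
            System.out.println(names[i]
                + "  naive=" + (naiveAllows(names[i]) ? "allow" : "deny")
                + "  canonical=" + (resolved != null ? "allow" : "deny"));
        }
    }
}
```

Open the file through the path returned by `resolveInsidePublic`, not through the original string, so the name that was checked is the name that is used.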

General Security Recommendations

See Also
