MeeGo 1.2 Harmattan Developer Documentation Develop for the Nokia N9

Secure coding

To avoid some of the most common security problems, keep the following in mind:

  • Ensure that illegal (malformed, unacceptable) inputs are discarded silently and that the parser signals an error code to its caller. Every call to a parser should in turn check the returned error value.
  • All error codes (for example, from standard library functions) should be checked and handled gracefully. It is acceptable for an application to stop and signal an error, but not acceptable to crash. An application should not report every such problem to the UI, because opening too many UI prompts can itself cause a Denial of Service.
  • If an application copies data to a buffer, it should always check data lengths. Use functions that copy an explicit number of bytes instead of relying on terminating nulls, or use wrappers such as libsafe.
  • An application should never use externally supplied data (including environment variables) directly as a format string or as input to system() or shell scripts. The data should be parsed and sanitized first.
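
The following C program is an added example illustrating the four points above together; it is not code from the Harmattan documentation or platform. The error enumeration (sc_error), the helper names and the sample inputs are assumptions made for this example. parse_port rejects malformed input and returns an error code instead of aborting, and checks the errno value that strtoul sets; copy_bounded copies an explicit number of bytes rather than trusting a terminating null; format_log_line passes untrusted text as an argument to a fixed format string and checks snprintf's return value; is_safe_hostname applies an allow-list before text could be handed to system() or a shell script.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Error codes returned to the caller instead of crashing or prompting the UI.
 * These names are an assumption for this example, not a Harmattan API. */
enum sc_error {
    SC_OK = 0,
    SC_ERR_MALFORMED,   /* input rejected by the parser */
    SC_ERR_TOO_LONG,    /* input does not fit the destination buffer */
    SC_ERR_RANGE        /* value outside the accepted range */
};

/* Parse a TCP port from untrusted text. Empty, signed, non-numeric or
 * out-of-range input is rejected with an error code; nothing is printed
 * and nothing aborts, the caller decides how to react. */
enum sc_error parse_port(const char *text, unsigned int *port_out)
{
    char *end = NULL;
    unsigned long value;

    /* strtoul itself would accept leading spaces, "+" and "-", so check
     * the first character explicitly. */
    if (text == NULL || !isdigit((unsigned char)*text))
        return SC_ERR_MALFORMED;

    errno = 0;
    value = strtoul(text, &end, 10);
    if (errno == ERANGE)                /* standard-library error checked */
        return SC_ERR_RANGE;
    if (end == text || *end != '\0')    /* trailing junk such as "80abc" */
        return SC_ERR_MALFORMED;
    if (value < 1 || value > 65535)
        return SC_ERR_RANGE;

    *port_out = (unsigned int)value;
    return SC_OK;
}

/* Copy src_len untrusted bytes into dst. The length is explicit (e.g. from
 * a protocol length field) instead of a terminating NUL, and is checked
 * against the destination size before memcpy runs. */
enum sc_error copy_bounded(char *dst, size_t dst_size,
                           const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return SC_ERR_MALFORMED;
    if (src_len >= dst_size)            /* leave room for the NUL we add */
        return SC_ERR_TOO_LONG;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return SC_OK;
}

/* Build a log line. The untrusted text is an argument to a fixed format
 * string, never the format string itself, so "%n" or "%s" in it is inert.
 * snprintf's return value is checked so truncation is reported, not hidden. */
enum sc_error format_log_line(char *out, size_t out_size, const char *untrusted)
{
    int n = snprintf(out, out_size, "client said: %s", untrusted);
    if (n < 0)
        return SC_ERR_MALFORMED;
    if ((size_t)n >= out_size)
        return SC_ERR_TOO_LONG;
    return SC_OK;
}

/* Allow-list check to run before untrusted text reaches system() or a shell
 * script: only hostname characters pass, so shell metacharacters such as
 * ; | ` $ ( ) & < > and space never reach the shell. Returns 1 if safe. */
int is_safe_hostname(const char *s)
{
    size_t i;
    if (s == NULL || *s == '\0' || strlen(s) > 253)
        return 0;
    for (i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs for demonstration only. */
    const char *inputs[] = { "8080", "80abc", "-1", "70000", "" };
    unsigned int port;
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum sc_error rc = parse_port(inputs[i], &port);
        if (rc == SC_OK)
            printf("port %u accepted\n", port);
        else
            printf("input \"%s\" rejected (code %d)\n", inputs[i], (int)rc);
    }
    printf("hostname \"host; rm -rf /\" safe: %d\n",
           is_safe_hostname("host; rm -rf /"));
    return 0;
}
```

Each helper returns an error code and leaves reporting to the caller, which is what lets the application stop cleanly rather than crash or flood the UI with prompts.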

Further information

For more information on secure coding, see the following links: