All categories

2 years ago

Consider the following general code for allowing access to a resource:

Computers and Technology

1 answer:

Margaret [11]2 years ago

6 0

Answer:

a) The code allows access even when IsAccessAllowed(...) method fails.

b) Either use If

(dwRet = ACCESS_ALLOWED)

or use

if (dwRet == NO_ERROR)

to avoid flaw

Explanation:

Lets first see what the code chunk does:

DWORD dwRet = IsAccessAllowed(...);

if (dwRet == ERROR_ACCESS_DENIED) {

// Security check failed.

// Inform user that access is denied.

} else {

// Security check OK.

}

In the given code, DWORD is basically a data type for double word type integers and this is defined in windows.h

So there is DWORD type variable dwRet that is assigned a method calls.

The method is IsAccessAllowed() which checks if the access is allowed to user.

if (dwRet == ERROR_ACCESS_DENIED) condition basically checks if the value of DWORD type variable dwRet is equal to ERROR_ACCESS_DENIED

If this condition evaluates to true then the security checks fails and user is informed via some message or action that the access is denied. But when the if condition evaluates to false then the else part executes which allows access.

So basically this chunk of code checks if the error ERROR_ACCESS_DENIED is returned.

Now the flaw in this program is what if the method IsAccessAllowed() by any reason. The reasons can be system failure or the memory failure. In memory failure case for example, the system returns out of memory error. So this means that the error is not ERROR_ACCESS_DENIED. Instead it is out of memory error. So in such a case the user is allowed access as the if condition evaluates to false and else part executes. So if any other error is produced due to some reason like mentioned above, then user has unrestricted access.

This shows that the doe should not check for the failure or rely on checking ERROR_ACCESS_DENIED to allow access but instead it should check for success. Code should only give access privilege if access is allowed successfully or no error is produced.

So to avoid this flaw the code is altered as:

DWORD dwRet = IsAccessAllowed(...);

If (dwRet = ACCESS_ALLOWED) {

//Security check OK.

} else {

//Security check failed.

//Inform user that access is denied.

}

This will only allow access if ACCESS_ALLOWED evaluates to true and success is checked instead of failure here

You can also alter the if condition as:

If (dwRet = No_Error)

If (dwRet = 0)

The above if conditions checks if the access is allowed or if no error is produced. Only then it will allowed access otherwise not. So the access check is a success is checked first and failure (for any reason). The user is allowed access only if there is no error otherwise user is not allowed access.

You might be interested in

Ivan has five workbooks open. He has arranged these files in a specific grouping so he can view them at the same time. In order

Dafna1 [17]

Folder, Right? I'm sorry if this is not correct.

8 0

2 years ago

daniel wants to buy a computer to use for playing games after work. he loves racing games and wants to make sure his device has

kirza4 [7]

The factors which should be considered by Daniel are the RAM capacity and the Processor Core of the computer.

Computer games especially racing and football games are usually memory intensive and as such will require a good amount of RAM in other to ensure that the game runs smoothly as the RAM provides a temporary storage required for applications or programs to run smoothly.

Also, the processor core has to be put into consideration, Daniel will need a multi - core processor in other to aid the smooth running of his racing game.

Therefore, the factors that should be considered are the RAM and processor core.

Learn more :brainly.com/question/25010930

5 0

1 year ago

rite a method so that the main() code below can be replaced by simpler code that calls method calcMilesTraveled(). Original main

weeeeeb [17]

Complete Question

Write a method so that the main() code below can be replaced by the simpler code that calls method calcMiles() traveled.

Original main():

public class Calcmiles {

public static void main(string [] args) {

double milesperhour = 70.0;

double minutestraveled = 100.0;

double hourstraveled;

double milestraveled;

hourstraveled = minutestraveled / 60.0;

milestraveled = hourstraveled * milesperhour;

System.out.println("miles: " + milestraveled); } }

Answer:

import java.util.Scanner;

public class CalcMiles

{

public double CalculateMiles (double miles, double minutes)

{ //Method CalculateMiles defined above

//Declare required variables.

double hours = 0.0;

double mile = 0.0;

//Calculate the hours travelled and miles travelled.

hours = minutes / 60.0;

mile = hours * miles;

//The total miles travelled in return.

return mile;

}

public static void main(String [] args)

{

double milesPerHour = 70.0;

double minsTravelled = 100.0;

CalculateMiles timetraveles = new CalculateMiles();

System.out.println("Miles: " + timetravels.CalculateMiles(milesPerHour, minsTraveled));

}

//End of Program

//Program was written in Java

//Comments are used to explain some lines

Read more on Brainly.com - brainly.com/question/9409412#readmore

7 0

2 years ago

Assign courseStudent's name with Smith, age with 20, and ID with 9999. Use the printAll() member method and a separate println()

vekshin1

Answer:

Following are the program in the java language

public class Main // Main class

{

String courseStudentsname; // variable declaration

int age; // variable declaration

int ID; // variable declaration

Main() // default constructor

{

courseStudentsname="Smith";//assign the values mention in the question

age=20;//assign the values which is mention in the question

ID=9999;//assign the values which is mention in the question

}

void printAll() // method definition of printAll()

{

System.out.print("Name: " + courseStudentsname ); // display name

System.out.print(", Age: " + age); // display age

System.out.print(", ID: " + ID); // display id

}

public static void main(String[] args) // main fuunction()

{

Main ob=new Main(); // create the object of Main class

ob.printAll(); // calling the method printAll()

}

Output:

Name:"Smith, Age:20, ID:9999

Explanation:

Following are the description of program

Create a constructor of "Main" class and store the respective values of courseStudentsname,age and ID in that constructor .
create a method printAll() and print the respective values in the given format which is mention in the question by using System.out.print method.
In the main function create an object of "Main" class i.e "ob".
Finally, call the printAll() method by using the object of Main class.

4 0

2 years ago

RADIAC instruments that operate on the ionization principle are broken down into three main categories based on what?

mash [69]

Answer:

Electrical potential.

Explanation:

RADIAC Meter or instruments ( also known as radiation monitoring instruments) are measuring instruments that uses the principles of gaseous ionisation to conduct electricity flow internally to deflect the pointer for its Meter readings. These instruments can be analogue or digital.

They are used in industries to monitor the operation of certain equipments and processes. The level of electrical potential flow in the system determines the state or category of the instrument. Out of six, there are three main categories of electrical potential level.

6 0

2 years ago