Question

Is Polymorphism in programming related in any way to secure programming? explain and provide example.

Is Polymorphism in programming related in any way to secure programming? explain and provide example.

Engineering   Computer-Science   
0 0
Add a commentTranscribed image text
Next >

Homework Answers

Answer #1

`Hey,

Note: Brother if you have any queries related the answer please do comment. I would be very happy to resolve all your queries.

Secure. the whole point of polymorphism is that you can pass around objects that look like Animals but are in fact Giraffes. There are potential security issues here.

Every time you implement a method which takes an instance of an unsealed type, you MUST write that method to be robust in the face of potentially hostile instances of that type. You cannot rely upon any invariants which you know to be true of YOUR implementations, because some hostile web page might subclass your implementation, override the virtual methods to do stuff that messes up your logic, and passes it in. Every time I seal a class, I can write methods that use that class with the confidence that I know what that class does.

For ex

class MultiplyFun {

  

    // Method with 2 parameter

    static int Multiply(int a, int b)

    {

        return a * b;

    }

  

    // Method with the same name but 3 parameter

    static int Multiply(int a, int b, int c)

    {

        return a * b * c;

    }

}

  

class Main {

    public static void main(String[] args)

    {

        System.out.println(MultiplyFun.Multiply(2, 4));

  

        System.out.println(MultiplyFun.Multiply(2, 7, 3));

    }

}

3

Let's say you create a security validation class, which is passed to your main form by an IoC. Because you use this structure for a few different systems, like a good little programmer you create a base class with most of the logic, and put system-specific code in the derived classes.

An attacker takes a look, and finds this Template Method pattern. He also sees that a key piece of the puzzle, a property "SecurityDBConnString", is abstract (because it's used by base class logic but can't be specified there as it's system-specific), and when you overrode it for the system he's interested in, you didn't seal it. The attacker fires up his cracked VS copy, derives his own class from yours, further overriding SecurityDBConnString to point to a system he controls, then modifies the IoC registrations to pass in his new class. Now he's in, and you're in trouble.

Kindly revert for any queries

Thanks.

0 0
Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Log In

Sign Up

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
Polymorphism allows us to keep collections of different types of related objects. Explain how this is...
Polymorphism allows us to keep collections of different types of related objects. Explain how this is so using a practical example. (C++ programming)
About python: Explain what is Polymorphism and provide a code snippet
About python: Explain what is Polymorphism and provide a code snippet
Explain how methods are useful in Programming in General. Provide Examples.
Explain how methods are useful in Programming in General. Provide Examples.
Provide an example scenario of a binomial random variable that is related to your area of...
Provide an example scenario of a binomial random variable that is related to your area of work or interest (first, you need to describe your work or area of interest!) and explain clearly how each requirement for the binomial distribution is satisfied. You can use the following questions as guides to provide your example. Describe briefly your work or area of interest. Describe a situation related to your work or area of interest with a binomial random variable. Clearly state...
Provide an example that follows either the binomial or Poisson distribution, and explain why that example...
Provide an example that follows either the binomial or Poisson distribution, and explain why that example follows that particular distribution. In your responses to other students, make up numbers for the example provided by that other student, and ask a related probability question. Then, show the work (or describe the technology steps), and solve that probability example.
Programming Languages Explain why Java is a compilation implementation and not hybrid. Are there any hybrid...
Programming Languages Explain why Java is a compilation implementation and not hybrid. Are there any hybrid systems left? Explain how you arrived at your answer
Describe the term "elderspeak, and provide an example. what is the more appropriate way to communicate...
Describe the term "elderspeak, and provide an example. what is the more appropriate way to communicate with the elderly
Provide an explanation using an example of the way in which the ecological fallacy is the...
Provide an explanation using an example of the way in which the ecological fallacy is the result of errors with units of analysis . We are talking about Ecological Fallacy (100 words) textbook Basic of research Methods
Define an interaction effect and provide at least one example. What is one way to deal...
Define an interaction effect and provide at least one example. What is one way to deal with it in a regression model?
Discuss what is meant by subjective probability. Provide a business-related example in which subjective probability would...
Discuss what is meant by subjective probability. Provide a business-related example in which subjective probability would likely be used. Also provide an example when to use subjective probability assessment.
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT