[web] Publish DC
Petr Kovář
pmkovar at fedoraproject.org
Mon Jul 21 13:55:45 UTC 2014
commit 1d01acbe0accf90df9208f5838ec885c408c7a19
Author: Petr Kovar <pkovar at redhat.com>
Date: Mon Jul 21 15:55:04 2014 +0200
Publish DC
fedoradocs.db | Bin 1028096 -> 1030144 bytes
public_html/Sitemap | 24 +
public_html/as-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/as-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Core.xml | 2 +-
public_html/as-IN/opds-Fedora_Documentation.xml | 2 +-
.../as-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/as-IN/opds.xml | 16 +-
public_html/as-IN/toc.html | 13 +-
public_html/bg-BG/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bg-BG/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Core.xml | 2 +-
public_html/bg-BG/opds-Fedora_Documentation.xml | 2 +-
.../bg-BG/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Security_Team.xml | 22 +-
public_html/bg-BG/opds.xml | 16 +-
public_html/bg-BG/toc.html | 13 +-
public_html/bn-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bn-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Core.xml | 2 +-
public_html/bn-IN/opds-Fedora_Documentation.xml | 2 +-
.../bn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/bn-IN/opds.xml | 16 +-
public_html/bn-IN/toc.html | 13 +-
public_html/bs-BA/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bs-BA/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Core.xml | 2 +-
public_html/bs-BA/opds-Fedora_Documentation.xml | 2 +-
.../bs-BA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Security_Team.xml | 22 +-
public_html/bs-BA/opds.xml | 16 +-
public_html/bs-BA/toc.html | 13 +-
public_html/ca-ES/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ca-ES/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Core.xml | 2 +-
public_html/ca-ES/opds-Fedora_Documentation.xml | 2 +-
.../ca-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Security_Team.xml | 22 +-
public_html/ca-ES/opds.xml | 16 +-
public_html/ca-ES/toc.html | 13 +-
public_html/cs-CZ/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/cs-CZ/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Core.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Documentation.xml | 2 +-
.../cs-CZ/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Security_Team.xml | 22 +-
public_html/cs-CZ/opds.xml | 16 +-
public_html/cs-CZ/toc.html | 13 +-
public_html/da-DK/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/da-DK/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Core.xml | 2 +-
public_html/da-DK/opds-Fedora_Documentation.xml | 2 +-
.../da-DK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Security_Team.xml | 22 +-
public_html/da-DK/opds.xml | 16 +-
public_html/da-DK/toc.html | 13 +-
public_html/de-DE/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/de-DE/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Core.xml | 2 +-
public_html/de-DE/opds-Fedora_Documentation.xml | 2 +-
.../de-DE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Security_Team.xml | 22 +-
public_html/de-DE/opds.xml | 16 +-
public_html/de-DE/toc.html | 13 +-
public_html/el-GR/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/el-GR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Core.xml | 2 +-
public_html/el-GR/opds-Fedora_Documentation.xml | 2 +-
.../el-GR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Security_Team.xml | 22 +-
public_html/el-GR/opds.xml | 16 +-
public_html/el-GR/toc.html | 13 +-
...ora_Security_Team-1-Defensive_Coding-en-US.epub | Bin 323704 -> 340639 bytes
.../1/html-single/Defensive_Coding/index.html | 721 +++++++++++++-------
.../appe-Defensive_Coding-Revision_History.html | 24 +
.../1/html/Defensive_Coding/ch01s02s03s05.html | 4 +-
.../1/html/Defensive_Coding/ch01s02s03s06.html | 4 +-
.../1/html/Defensive_Coding/ch01s02s03s07.html | 4 +-
.../1/html/Defensive_Coding/ch01s03s05.html | 6 +-
.../1/html/Defensive_Coding/ch04s02.html | 4 +-
.../1/html/Defensive_Coding/ch04s03.html | 6 +-
.../1/html/Defensive_Coding/ch07s02.html | 13 +
.../1/html/Defensive_Coding/ch07s04.html | 27 +
.../1/html/Defensive_Coding/ch10s02.html | 14 +-
.../1/html/Defensive_Coding/ch10s03.html | 26 +-
.../1/html/Defensive_Coding/ch10s05.html | 24 +-
.../1/html/Defensive_Coding/ch11s02.html | 28 +-
.../1/html/Defensive_Coding/ch11s03.html | 41 ++
.../1/html/Defensive_Coding/ch11s05.html | 15 +
.../1/html/Defensive_Coding/ch12s02.html | 13 +
.../1/html/Defensive_Coding/ch12s04.html | 27 +
.../1/html/Defensive_Coding/ch12s06.html | 15 +
.../1/html/Defensive_Coding/ch13s02.html | 31 +
.../chap-Defensive_Coding-Authentication.html | 8 +-
.../Defensive_Coding/chap-Defensive_Coding-C.html | 43 +-
.../chap-Defensive_Coding-CXX.html | 16 +-
.../chap-Defensive_Coding-Go-Error_Handling.html | 55 ++
...chap-Defensive_Coding-Go-Garbage_Collector.html | 11 +
.../Defensive_Coding/chap-Defensive_Coding-Go.html | 17 +
.../chap-Defensive_Coding-Java.html | 6 +-
.../chap-Defensive_Coding-Python.html | 14 +-
.../chap-Defensive_Coding-TLS.html | 26 +-
.../chap-Defensive_Coding-Tasks-Cryptography.html | 8 +-
.../chap-Defensive_Coding-Tasks-File_System.html | 12 +-
...chap-Defensive_Coding-Tasks-Library_Design.html | 12 +-
.../chap-Defensive_Coding-Tasks-Packaging.html | 73 ++
.../chap-Defensive_Coding-Tasks-Serialization.html | 8 +-
...Defensive_Coding-Tasks-Temporary_Directory.html | 8 +-
...hap-Defensive_Coding-Tasks-Temporary_Files.html | 12 +-
.../chap-Defensive_Coding-Vala.html | 21 +
.../1/html/Defensive_Coding/index.html | 10 +-
.../1/html/Defensive_Coding/pt01.html | 4 +-
.../1/html/Defensive_Coding/pt02.html | 4 +-
.../1/html/Defensive_Coding/pt03.html | 4 +-
...Defensive_Coding-Authentication-Host_based.html | 6 +-
...ct-Defensive_Coding-Authentication-Netlink.html | 6 +-
...efensive_Coding-Authentication-UNIX_Domain.html | 6 +-
.../sect-Defensive_Coding-C-Allocators-Arrays.html | 8 +-
.../sect-Defensive_Coding-C-Allocators-Custom.html | 19 +
.../sect-Defensive_Coding-C-Allocators-alloca.html | 2 +-
.../sect-Defensive_Coding-C-Allocators.html | 10 +-
.../sect-Defensive_Coding-C-Avoid.html | 10 +-
.../sect-Defensive_Coding-C-Libc-strncat.html | 4 +-
.../sect-Defensive_Coding-C-Libc-strncpy.html | 4 +-
.../sect-Defensive_Coding-C-Libc-vsnprintf.html | 6 +-
.../sect-Defensive_Coding-C-Libc.html | 2 +-
.../sect-Defensive_Coding-C-Other.html | 4 +-
...Defensive_Coding-C-String-Functions-Length.html | 6 +-
.../sect-Defensive_Coding-CXX-Std-Iterators.html | 15 +
.../sect-Defensive_Coding-CXX-Std-String.html | 23 +
.../sect-Defensive_Coding-CXX-Std-Subscript.html | 15 +
.../sect-Defensive_Coding-CXX-Std.html | 50 ++-
.../sect-Defensive_Coding-Java-JNI.html | 2 +-
.../sect-Defensive_Coding-Java-LowLevel.html | 2 +-
.../sect-Defensive_Coding-Java-MiscUnsafe.html | 2 +-
...nsive_Coding-Java-SecurityManager-Activate.html | 2 +-
...ive_Coding-Java-SecurityManager-Privileged.html | 2 +-
...e_Coding-Java-SecurityManager-Unprivileged.html | 2 +-
...sect-Defensive_Coding-Java-SecurityManager.html | 2 +-
.../sect-Defensive_Coding-TLS-Client-GNUTLS.html | 32 +-
.../sect-Defensive_Coding-TLS-Client-NSS.html | 26 +-
.../sect-Defensive_Coding-TLS-Client-OpenJDK.html | 32 +-
.../sect-Defensive_Coding-TLS-Client-Python.html | 16 +-
.../sect-Defensive_Coding-TLS-Client.html | 32 +-
...e_Coding-Tasks-Descriptors-Child_Processes.html | 8 +-
...t-Defensive_Coding-Tasks-Descriptors-Limit.html | 6 +-
.../sect-Defensive_Coding-Tasks-Descriptors.html | 16 +-
...efensive_Coding-Tasks-File_System-Features.html | 6 +-
...Defensive_Coding-Tasks-File_System-Foreign.html | 8 +-
...ensive_Coding-Tasks-File_System-Free_Space.html | 6 +-
...-Defensive_Coding-Tasks-File_System-Limits.html | 6 +-
...sive_Coding-Tasks-Library_Design-Callbacks.html | 6 +-
...oding-Tasks-Packaging-Certificates-Service.html | 15 +
...t-Defensive_Coding-Tasks-Processes-Daemons.html | 6 +-
...nsive_Coding-Tasks-Processes-Fork-Parallel.html | 6 +-
.../sect-Defensive_Coding-Tasks-Processes.html | 26 +-
...e_Coding-Tasks-Serialization-Fragmentation.html | 33 +
...ct-Defensive_Coding-Tasks-Serialization-Qt.html | 18 +-
...ve_Coding-Tasks-Serialization-XML-Entities.html | 6 +-
...nsive_Coding-Tasks-Serialization-XML-Expat.html | 14 +-
...asks-Serialization-XML-OpenJDK_Parse-Other.html | 8 +-
...-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html | 16 +-
...ding-Tasks-Serialization-XML-OpenJDK_Parse.html | 24 +-
..._Coding-Tasks-Serialization-XML-Validation.html | 6 +-
...ve_Coding-Tasks-Serialization-XML-XInclude.html | 6 +-
...t-Defensive_Coding-Tasks-Serialization-XML.html | 8 +-
...dora_Security_Team-1-Defensive_Coding-en-US.pdf | Bin 584627 -> 649928 bytes
public_html/en-US/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/en-US/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Core.xml | 2 +-
public_html/en-US/opds-Fedora_Documentation.xml | 2 +-
.../en-US/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Security_Team.xml | 22 +-
public_html/en-US/opds.xml | 16 +-
public_html/en-US/toc.html | 13 +-
public_html/es-ES/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/es-ES/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Core.xml | 2 +-
public_html/es-ES/opds-Fedora_Documentation.xml | 2 +-
.../es-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Security_Team.xml | 22 +-
public_html/es-ES/opds.xml | 16 +-
public_html/es-ES/toc.html | 13 +-
public_html/fa-IR/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fa-IR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Core.xml | 2 +-
public_html/fa-IR/opds-Fedora_Documentation.xml | 2 +-
.../fa-IR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Security_Team.xml | 22 +-
public_html/fa-IR/opds.xml | 16 +-
public_html/fa-IR/toc.html | 13 +-
public_html/fi-FI/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fi-FI/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Core.xml | 2 +-
public_html/fi-FI/opds-Fedora_Documentation.xml | 2 +-
.../fi-FI/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Security_Team.xml | 22 +-
public_html/fi-FI/opds.xml | 16 +-
public_html/fi-FI/toc.html | 13 +-
public_html/fr-FR/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fr-FR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Core.xml | 2 +-
public_html/fr-FR/opds-Fedora_Documentation.xml | 2 +-
.../fr-FR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Security_Team.xml | 22 +-
public_html/fr-FR/opds.xml | 16 +-
public_html/fr-FR/toc.html | 13 +-
public_html/gu-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/gu-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Core.xml | 2 +-
public_html/gu-IN/opds-Fedora_Documentation.xml | 2 +-
.../gu-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/gu-IN/opds.xml | 16 +-
public_html/gu-IN/toc.html | 13 +-
public_html/he-IL/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/he-IL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Core.xml | 2 +-
public_html/he-IL/opds-Fedora_Documentation.xml | 2 +-
.../he-IL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Security_Team.xml | 22 +-
public_html/he-IL/opds.xml | 16 +-
public_html/he-IL/toc.html | 13 +-
public_html/hi-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hi-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Core.xml | 2 +-
public_html/hi-IN/opds-Fedora_Documentation.xml | 2 +-
.../hi-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/hi-IN/opds.xml | 16 +-
public_html/hi-IN/toc.html | 13 +-
public_html/hu-HU/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hu-HU/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Core.xml | 2 +-
public_html/hu-HU/opds-Fedora_Documentation.xml | 2 +-
.../hu-HU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Security_Team.xml | 22 +-
public_html/hu-HU/opds.xml | 16 +-
public_html/hu-HU/toc.html | 13 +-
public_html/ia/Site_Statistics.html | 4 +-
.../ia/opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ia/opds-Fedora.xml | 2 +-
.../ia/opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Core.xml | 2 +-
public_html/ia/opds-Fedora_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Security_Team.xml | 22 +-
public_html/ia/opds.xml | 16 +-
public_html/ia/toc.html | 13 +-
public_html/id-ID/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/id-ID/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Core.xml | 2 +-
public_html/id-ID/opds-Fedora_Documentation.xml | 2 +-
.../id-ID/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Security_Team.xml | 22 +-
public_html/id-ID/opds.xml | 16 +-
public_html/id-ID/toc.html | 13 +-
public_html/it-IT/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/it-IT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Core.xml | 2 +-
public_html/it-IT/opds-Fedora_Documentation.xml | 2 +-
.../it-IT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Security_Team.xml | 22 +-
public_html/it-IT/opds.xml | 16 +-
public_html/it-IT/toc.html | 13 +-
public_html/ja-JP/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ja-JP/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Core.xml | 2 +-
public_html/ja-JP/opds-Fedora_Documentation.xml | 2 +-
.../ja-JP/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Security_Team.xml | 22 +-
public_html/ja-JP/opds.xml | 16 +-
public_html/ja-JP/toc.html | 13 +-
public_html/kn-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/kn-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Core.xml | 2 +-
public_html/kn-IN/opds-Fedora_Documentation.xml | 2 +-
.../kn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/kn-IN/opds.xml | 16 +-
public_html/kn-IN/toc.html | 13 +-
public_html/ko-KR/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ko-KR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Core.xml | 2 +-
public_html/ko-KR/opds-Fedora_Documentation.xml | 2 +-
.../ko-KR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Security_Team.xml | 22 +-
public_html/ko-KR/opds.xml | 16 +-
public_html/ko-KR/toc.html | 13 +-
public_html/lt-LT/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/lt-LT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/lt-LT/opds-Fedora_Core.xml | 2 +-
public_html/lt-LT/opds-Fedora_Documentation.xml | 2 +-
.../lt-LT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/lt-LT/opds-Fedora_Security_Team.xml | 22 +-
public_html/lt-LT/opds.xml | 16 +-
public_html/lt-LT/toc.html | 13 +-
public_html/ml-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ml-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Core.xml | 2 +-
public_html/ml-IN/opds-Fedora_Documentation.xml | 2 +-
.../ml-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/ml-IN/opds.xml | 16 +-
public_html/ml-IN/toc.html | 13 +-
public_html/mr-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/mr-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Core.xml | 2 +-
public_html/mr-IN/opds-Fedora_Documentation.xml | 2 +-
.../mr-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/mr-IN/opds.xml | 16 +-
public_html/mr-IN/toc.html | 13 +-
public_html/nb-NO/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nb-NO/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Core.xml | 2 +-
public_html/nb-NO/opds-Fedora_Documentation.xml | 2 +-
.../nb-NO/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Security_Team.xml | 22 +-
public_html/nb-NO/opds.xml | 16 +-
public_html/nb-NO/toc.html | 13 +-
public_html/nl-NL/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nl-NL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Core.xml | 2 +-
public_html/nl-NL/opds-Fedora_Documentation.xml | 2 +-
.../nl-NL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Security_Team.xml | 22 +-
public_html/nl-NL/opds.xml | 16 +-
public_html/nl-NL/toc.html | 13 +-
public_html/opds.xml | 92 ++--
public_html/or-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/or-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Core.xml | 2 +-
public_html/or-IN/opds-Fedora_Documentation.xml | 2 +-
.../or-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/or-IN/opds.xml | 16 +-
public_html/or-IN/toc.html | 13 +-
public_html/pa-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pa-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Core.xml | 2 +-
public_html/pa-IN/opds-Fedora_Documentation.xml | 2 +-
.../pa-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/pa-IN/opds.xml | 16 +-
public_html/pa-IN/toc.html | 13 +-
public_html/pl-PL/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pl-PL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Core.xml | 2 +-
public_html/pl-PL/opds-Fedora_Documentation.xml | 2 +-
.../pl-PL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Security_Team.xml | 22 +-
public_html/pl-PL/opds.xml | 16 +-
public_html/pl-PL/toc.html | 13 +-
public_html/pt-BR/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-BR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Core.xml | 2 +-
public_html/pt-BR/opds-Fedora_Documentation.xml | 2 +-
.../pt-BR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Security_Team.xml | 22 +-
public_html/pt-BR/opds.xml | 16 +-
public_html/pt-BR/toc.html | 13 +-
public_html/pt-PT/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-PT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Core.xml | 2 +-
public_html/pt-PT/opds-Fedora_Documentation.xml | 2 +-
.../pt-PT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Security_Team.xml | 22 +-
public_html/pt-PT/opds.xml | 16 +-
public_html/pt-PT/toc.html | 13 +-
public_html/ro/Site_Statistics.html | 4 +-
.../ro/opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ro/opds-Fedora.xml | 2 +-
.../ro/opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Core.xml | 2 +-
public_html/ro/opds-Fedora_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Security_Team.xml | 22 +-
public_html/ro/opds.xml | 16 +-
public_html/ro/toc.html | 13 +-
public_html/ru-RU/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ru-RU/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Core.xml | 2 +-
public_html/ru-RU/opds-Fedora_Documentation.xml | 2 +-
.../ru-RU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Security_Team.xml | 22 +-
public_html/ru-RU/opds.xml | 16 +-
public_html/ru-RU/toc.html | 13 +-
public_html/sk-SK/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sk-SK/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Core.xml | 2 +-
public_html/sk-SK/opds-Fedora_Documentation.xml | 2 +-
.../sk-SK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Security_Team.xml | 22 +-
public_html/sk-SK/opds.xml | 16 +-
public_html/sk-SK/toc.html | 13 +-
public_html/sr-Latn-RS/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora_Core.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Documentation.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Security_Team.xml | 22 +-
public_html/sr-Latn-RS/opds.xml | 16 +-
public_html/sr-Latn-RS/toc.html | 13 +-
public_html/sr-RS/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-RS/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Core.xml | 2 +-
public_html/sr-RS/opds-Fedora_Documentation.xml | 2 +-
.../sr-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Security_Team.xml | 22 +-
public_html/sr-RS/opds.xml | 16 +-
public_html/sr-RS/toc.html | 13 +-
public_html/sv-SE/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sv-SE/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Core.xml | 2 +-
public_html/sv-SE/opds-Fedora_Documentation.xml | 2 +-
.../sv-SE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Security_Team.xml | 22 +-
public_html/sv-SE/opds.xml | 16 +-
public_html/sv-SE/toc.html | 13 +-
public_html/ta-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ta-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Core.xml | 2 +-
public_html/ta-IN/opds-Fedora_Documentation.xml | 2 +-
.../ta-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/ta-IN/opds.xml | 16 +-
public_html/ta-IN/toc.html | 13 +-
public_html/te-IN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/te-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Core.xml | 2 +-
public_html/te-IN/opds-Fedora_Documentation.xml | 2 +-
.../te-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Security_Team.xml | 22 +-
public_html/te-IN/opds.xml | 16 +-
public_html/te-IN/toc.html | 13 +-
public_html/toc.html | 20 +-
public_html/uk-UA/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/uk-UA/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Core.xml | 2 +-
public_html/uk-UA/opds-Fedora_Documentation.xml | 2 +-
.../uk-UA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Security_Team.xml | 22 +-
public_html/uk-UA/opds.xml | 16 +-
public_html/uk-UA/toc.html | 13 +-
public_html/zh-CN/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-CN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Core.xml | 2 +-
public_html/zh-CN/opds-Fedora_Documentation.xml | 2 +-
.../zh-CN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Security_Team.xml | 22 +-
public_html/zh-CN/opds.xml | 16 +-
public_html/zh-CN/toc.html | 13 +-
public_html/zh-TW/Site_Statistics.html | 4 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-TW/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Core.xml | 2 +-
public_html/zh-TW/opds-Fedora_Documentation.xml | 2 +-
.../zh-TW/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Security_Team.xml | 22 +-
public_html/zh-TW/opds.xml | 16 +-
public_html/zh-TW/toc.html | 13 +-
549 files changed, 3581 insertions(+), 1591 deletions(-)
---
diff --git a/fedoradocs.db b/fedoradocs.db
index 012557a..cc41a63 100755
Binary files a/fedoradocs.db and b/fedoradocs.db differ
diff --git a/public_html/Sitemap b/public_html/Sitemap
index 2714964..0b67a6e 100644
--- a/public_html/Sitemap
+++ b/public_html/Sitemap
@@ -5695,6 +5695,30 @@
<priority>0.8</priority>
</url>
<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</loc>
+ <lastmod>2014-07-21</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html</loc>
+ <lastmod>2014-07-21</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html</loc>
+ <lastmod>2014-07-21</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf</loc>
+ <lastmod>2014-07-21</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</loc>
<lastmod>2014-07-14</lastmod>
<changefreq>monthly</changefreq>
diff --git a/public_html/as-IN/Site_Statistics.html b/public_html/as-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/as-IN/Site_Statistics.html
+++ b/public_html/as-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/as-IN/opds-Community_Services_Infrastructure.xml b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
index d3aa6f1..05df7a1 100644
--- a/public_html/as-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora.xml b/public_html/as-IN/opds-Fedora.xml
index cb994ca..e309e78 100644
--- a/public_html/as-IN/opds-Fedora.xml
+++ b/public_html/as-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
index 12ef2c9..9611ebe 100644
--- a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Core.xml b/public_html/as-IN/opds-Fedora_Core.xml
index bc64d2c..aafdf5c 100644
--- a/public_html/as-IN/opds-Fedora_Core.xml
+++ b/public_html/as-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Documentation.xml b/public_html/as-IN/opds-Fedora_Documentation.xml
index 5c5ded9..01cda22 100644
--- a/public_html/as-IN/opds-Fedora_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
index cd7d72a..3dbcb5e 100644
--- a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Security_Team.xml b/public_html/as-IN/opds-Fedora_Security_Team.xml
index 1c61631..0c0cdfd 100644
--- a/public_html/as-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/as-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>as-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>as-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/as-IN/opds.xml b/public_html/as-IN/opds.xml
index b57f671..81cb2cf 100644
--- a/public_html/as-IN/opds.xml
+++ b/public_html/as-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/as-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/as-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/as-IN/toc.html b/public_html/as-IN/toc.html
index 2ed56e4..6362dff 100644
--- a/public_html/as-IN/toc.html
+++ b/public_html/as-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/bg-BG/Site_Statistics.html b/public_html/bg-BG/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/bg-BG/Site_Statistics.html
+++ b/public_html/bg-BG/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
index eb2819f..5275fa9 100644
--- a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora.xml b/public_html/bg-BG/opds-Fedora.xml
index a195168..48d4ff1 100644
--- a/public_html/bg-BG/opds-Fedora.xml
+++ b/public_html/bg-BG/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
index 36bb14f..8f7a054 100644
--- a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Core.xml b/public_html/bg-BG/opds-Fedora_Core.xml
index 50a1ad4..0305b36 100644
--- a/public_html/bg-BG/opds-Fedora_Core.xml
+++ b/public_html/bg-BG/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Documentation.xml b/public_html/bg-BG/opds-Fedora_Documentation.xml
index d6ccc83..82b442c 100644
--- a/public_html/bg-BG/opds-Fedora_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
index 186978a..a2fca9a 100644
--- a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Security_Team.xml b/public_html/bg-BG/opds-Fedora_Security_Team.xml
index dcabade..6f3e22a 100644
--- a/public_html/bg-BG/opds-Fedora_Security_Team.xml
+++ b/public_html/bg-BG/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>bg-BG</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>bg-BG</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/bg-BG/opds.xml b/public_html/bg-BG/opds.xml
index abd4420..d706a72 100644
--- a/public_html/bg-BG/opds.xml
+++ b/public_html/bg-BG/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bg-BG/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bg-BG/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bg-BG/toc.html b/public_html/bg-BG/toc.html
index 052faa8..c218b01 100644
--- a/public_html/bg-BG/toc.html
+++ b/public_html/bg-BG/toc.html
@@ -1798,12 +1798,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/bn-IN/Site_Statistics.html b/public_html/bn-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/bn-IN/Site_Statistics.html
+++ b/public_html/bn-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
index ef74b34..df13948 100644
--- a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora.xml b/public_html/bn-IN/opds-Fedora.xml
index 900ec05..a38a6d7 100644
--- a/public_html/bn-IN/opds-Fedora.xml
+++ b/public_html/bn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
index 9f90faf..221c4d4 100644
--- a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Core.xml b/public_html/bn-IN/opds-Fedora_Core.xml
index edcbc66..9cd1224 100644
--- a/public_html/bn-IN/opds-Fedora_Core.xml
+++ b/public_html/bn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Documentation.xml b/public_html/bn-IN/opds-Fedora_Documentation.xml
index 7ea7148..81a7c0c 100644
--- a/public_html/bn-IN/opds-Fedora_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
index a5208cf..eb071e5 100644
--- a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Security_Team.xml b/public_html/bn-IN/opds-Fedora_Security_Team.xml
index b27a292..f0162e6 100644
--- a/public_html/bn-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/bn-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>bn-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>bn-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/bn-IN/opds.xml b/public_html/bn-IN/opds.xml
index 51156e0..7c598db 100644
--- a/public_html/bn-IN/opds.xml
+++ b/public_html/bn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bn-IN/toc.html b/public_html/bn-IN/toc.html
index 7401040..6c4e130 100644
--- a/public_html/bn-IN/toc.html
+++ b/public_html/bn-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/bs-BA/Site_Statistics.html b/public_html/bs-BA/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/bs-BA/Site_Statistics.html
+++ b/public_html/bs-BA/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
index fac419a..2bc7077 100644
--- a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora.xml b/public_html/bs-BA/opds-Fedora.xml
index 5aa001f..bbc0bca 100644
--- a/public_html/bs-BA/opds-Fedora.xml
+++ b/public_html/bs-BA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
index 5f69e88..70d2fcd 100644
--- a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Core.xml b/public_html/bs-BA/opds-Fedora_Core.xml
index e00dc65..239dc7b 100644
--- a/public_html/bs-BA/opds-Fedora_Core.xml
+++ b/public_html/bs-BA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Documentation.xml b/public_html/bs-BA/opds-Fedora_Documentation.xml
index faf6259..40ffc22 100644
--- a/public_html/bs-BA/opds-Fedora_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
index e75cc83..14af182 100644
--- a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Security_Team.xml b/public_html/bs-BA/opds-Fedora_Security_Team.xml
index 93a4c2b..42e764e 100644
--- a/public_html/bs-BA/opds-Fedora_Security_Team.xml
+++ b/public_html/bs-BA/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>bs-BA</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>bs-BA</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/bs-BA/opds.xml b/public_html/bs-BA/opds.xml
index 2c7ae1e..ad5064a 100644
--- a/public_html/bs-BA/opds.xml
+++ b/public_html/bs-BA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bs-BA/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bs-BA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bs-BA/toc.html b/public_html/bs-BA/toc.html
index d58bff1..d195d4f 100644
--- a/public_html/bs-BA/toc.html
+++ b/public_html/bs-BA/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ca-ES/Site_Statistics.html b/public_html/ca-ES/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ca-ES/Site_Statistics.html
+++ b/public_html/ca-ES/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
index 3950324..78a6cb7 100644
--- a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora.xml b/public_html/ca-ES/opds-Fedora.xml
index d243e2f..65f75fa 100644
--- a/public_html/ca-ES/opds-Fedora.xml
+++ b/public_html/ca-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
index 40064bc..c516791 100644
--- a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Core.xml b/public_html/ca-ES/opds-Fedora_Core.xml
index 701d11a..27efcee 100644
--- a/public_html/ca-ES/opds-Fedora_Core.xml
+++ b/public_html/ca-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Documentation.xml b/public_html/ca-ES/opds-Fedora_Documentation.xml
index 25def12..e5a1e63 100644
--- a/public_html/ca-ES/opds-Fedora_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
index d28e3e3..26d4b49 100644
--- a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Security_Team.xml b/public_html/ca-ES/opds-Fedora_Security_Team.xml
index 8952b86..ae7fa3e 100644
--- a/public_html/ca-ES/opds-Fedora_Security_Team.xml
+++ b/public_html/ca-ES/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ca-ES</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ca-ES</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ca-ES/opds.xml b/public_html/ca-ES/opds.xml
index ea21f4e..f9c1dff 100644
--- a/public_html/ca-ES/opds.xml
+++ b/public_html/ca-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ca-ES/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ca-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ca-ES/toc.html b/public_html/ca-ES/toc.html
index cc66130..9c61144 100644
--- a/public_html/ca-ES/toc.html
+++ b/public_html/ca-ES/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/cs-CZ/Site_Statistics.html b/public_html/cs-CZ/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/cs-CZ/Site_Statistics.html
+++ b/public_html/cs-CZ/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
index 229962f..b4f10c0 100644
--- a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
+++ b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora.xml b/public_html/cs-CZ/opds-Fedora.xml
index 2e06cef..586b33e 100644
--- a/public_html/cs-CZ/opds-Fedora.xml
+++ b/public_html/cs-CZ/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
index 89239cf..918ce70 100644
--- a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Core.xml b/public_html/cs-CZ/opds-Fedora_Core.xml
index c72b3a3..846c3ad 100644
--- a/public_html/cs-CZ/opds-Fedora_Core.xml
+++ b/public_html/cs-CZ/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Documentation.xml
index f98ad3b..93d043a 100644
--- a/public_html/cs-CZ/opds-Fedora_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
index fdac3bc..9df4c55 100644
--- a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Security_Team.xml b/public_html/cs-CZ/opds-Fedora_Security_Team.xml
index 19578ff..d2054aa 100644
--- a/public_html/cs-CZ/opds-Fedora_Security_Team.xml
+++ b/public_html/cs-CZ/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>cs-CZ</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>cs-CZ</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/cs-CZ/opds.xml b/public_html/cs-CZ/opds.xml
index 4ac6a8b..9df5066 100644
--- a/public_html/cs-CZ/opds.xml
+++ b/public_html/cs-CZ/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/cs-CZ/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/cs-CZ/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/cs-CZ/toc.html b/public_html/cs-CZ/toc.html
index 9cc7c5d..b37552e 100644
--- a/public_html/cs-CZ/toc.html
+++ b/public_html/cs-CZ/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/da-DK/Site_Statistics.html b/public_html/da-DK/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/da-DK/Site_Statistics.html
+++ b/public_html/da-DK/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/da-DK/opds-Community_Services_Infrastructure.xml b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
index 71def35..9abbfae 100644
--- a/public_html/da-DK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora.xml b/public_html/da-DK/opds-Fedora.xml
index 1a1e87b..ef8be41 100644
--- a/public_html/da-DK/opds-Fedora.xml
+++ b/public_html/da-DK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
index 7b51334..d4432f7 100644
--- a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Core.xml b/public_html/da-DK/opds-Fedora_Core.xml
index 22e4372..93e714c 100644
--- a/public_html/da-DK/opds-Fedora_Core.xml
+++ b/public_html/da-DK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Documentation.xml b/public_html/da-DK/opds-Fedora_Documentation.xml
index 6347af2..5c3ecb9 100644
--- a/public_html/da-DK/opds-Fedora_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
index 71b5d30..25539f9 100644
--- a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Security_Team.xml b/public_html/da-DK/opds-Fedora_Security_Team.xml
index 076eca7..b8358e3 100644
--- a/public_html/da-DK/opds-Fedora_Security_Team.xml
+++ b/public_html/da-DK/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>da-DK</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>da-DK</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/da-DK/opds.xml b/public_html/da-DK/opds.xml
index 5678d46..104e387 100644
--- a/public_html/da-DK/opds.xml
+++ b/public_html/da-DK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/da-DK/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/da-DK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/da-DK/toc.html b/public_html/da-DK/toc.html
index bafabb7..318e635 100644
--- a/public_html/da-DK/toc.html
+++ b/public_html/da-DK/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/de-DE/Site_Statistics.html b/public_html/de-DE/Site_Statistics.html
index 481233f..a61dc8b 100644
--- a/public_html/de-DE/Site_Statistics.html
+++ b/public_html/de-DE/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Sprachen gesamt: </b>45<br />
- <b>Pakete gesamt: </b>906
+ <b>Pakete gesamt: </b>907
</div>
</body>
</html>
diff --git a/public_html/de-DE/opds-Community_Services_Infrastructure.xml b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
index 9e0075a..013d0f5 100644
--- a/public_html/de-DE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora.xml b/public_html/de-DE/opds-Fedora.xml
index ebff079..de3448e 100644
--- a/public_html/de-DE/opds-Fedora.xml
+++ b/public_html/de-DE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
index 5520eef..e3e0eb1 100644
--- a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Core.xml b/public_html/de-DE/opds-Fedora_Core.xml
index 77c0199..89b72ac6 100644
--- a/public_html/de-DE/opds-Fedora_Core.xml
+++ b/public_html/de-DE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Documentation.xml b/public_html/de-DE/opds-Fedora_Documentation.xml
index 62f185a..7c128e4 100644
--- a/public_html/de-DE/opds-Fedora_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
index 0c781e3..2d792c0 100644
--- a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Security_Team.xml b/public_html/de-DE/opds-Fedora_Security_Team.xml
index e43fd5a..2d530a9 100644
--- a/public_html/de-DE/opds-Fedora_Security_Team.xml
+++ b/public_html/de-DE/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>de-DE</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>de-DE</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/de-DE/opds.xml b/public_html/de-DE/opds.xml
index 02cb26c..ba85478 100644
--- a/public_html/de-DE/opds.xml
+++ b/public_html/de-DE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/de-DE/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/de-DE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/de-DE/toc.html b/public_html/de-DE/toc.html
index 7bd3289..966f1bc 100644
--- a/public_html/de-DE/toc.html
+++ b/public_html/de-DE/toc.html
@@ -1854,12 +1854,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Nicht übersetzt</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/el-GR/Site_Statistics.html b/public_html/el-GR/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/el-GR/Site_Statistics.html
+++ b/public_html/el-GR/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/el-GR/opds-Community_Services_Infrastructure.xml b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
index 8951c31..39e36fb 100644
--- a/public_html/el-GR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora.xml b/public_html/el-GR/opds-Fedora.xml
index 189ac1f..70711ee 100644
--- a/public_html/el-GR/opds-Fedora.xml
+++ b/public_html/el-GR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
index 5d2e5e2..3373b44 100644
--- a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Core.xml b/public_html/el-GR/opds-Fedora_Core.xml
index 39926da..b21c031 100644
--- a/public_html/el-GR/opds-Fedora_Core.xml
+++ b/public_html/el-GR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Documentation.xml b/public_html/el-GR/opds-Fedora_Documentation.xml
index 19fa86b..72e3202 100644
--- a/public_html/el-GR/opds-Fedora_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
index 469f656..3630c90 100644
--- a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Security_Team.xml b/public_html/el-GR/opds-Fedora_Security_Team.xml
index ce7bf60..c0cf019 100644
--- a/public_html/el-GR/opds-Fedora_Security_Team.xml
+++ b/public_html/el-GR/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>el-GR</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>el-GR</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/el-GR/opds.xml b/public_html/el-GR/opds.xml
index 2396b08..51005d8 100644
--- a/public_html/el-GR/opds.xml
+++ b/public_html/el-GR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/el-GR/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/el-GR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/el-GR/toc.html b/public_html/el-GR/toc.html
index 02d02a6..e8397fa 100644
--- a/public_html/el-GR/toc.html
+++ b/public_html/el-GR/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub b/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub
index 501a939..54d2dfb 100644
Binary files a/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub and b/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub differ
diff --git a/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html b/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
index 1b8dc2f..733d609 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Defensive Coding</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><meta name="description" content="This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Defensive Coding</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><meta name="description" content="This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idm217624904560" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm217624904560" class="title">Defensive
Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition </p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idm225446880576" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225446880576" class="title">Defensive
Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm217599039872" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
- Copyright <span class="trademark"></span>© 2012 Red Hat, Inc.
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225468071376" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2012-2014 Red Hat, Inc.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
</div><div class="para">
@@ -31,7 +31,7 @@
All other trademarks are the property of their respective owners.
</div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.
- </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="#idm217521212288">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned"
>1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217607479392">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#idm217620118944">1.3.4. Custom memory allocators</a></span></dt><dt><span clas
s="section"><a href="#idm217613303056">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217621747072">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm217616218752">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm217523870384">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#s
ect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217612409584">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span>
</dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager c
ompatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217608326608">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm217606502144">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm217628816768">4.3. Sandboxing</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="#idm217603864128">II. Specific Programming
Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">5. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217647310832">5.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628244928">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm217649075984">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217618443168">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">5.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm217608062976">5.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">6. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217616949440">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span clas
s="section"><a href="#idm217564313984">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm217619823472">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm217652421088">6.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">6.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_System">7. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href=
"#sect-Defensive_Coding-Tasks-File_System-Foreign">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">7.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">7.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">7.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">8. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm217623690400">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm217564767056">8.3. Temporary files without names</a></span></dt><dt><sp
an class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm217628443664">8.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">9. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628802256">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm217619964880">9.1.4. Robust argument list processing</a></span></dt>
<dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217622868752">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm217625586384">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">9.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm217626109008">9.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span c
lass="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">10. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm217619956912">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="#idm217645053984">10.3. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">10.4.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">10.4.3. XInclude
processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">10.4.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217614300256">10.5. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">11. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217608525920">11.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm217628358944">1
1.2. Randomness</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="#idm217604414304">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">12. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">12.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-TLS">13. Transport Layer Security</a></span></dt><dd><dl><dt>
<span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217604048736">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sec
t-Defensive_Coding-TLS-Client-OpenJDK">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-UEFI_Secure_Boot_Guide-Revision_History">A. Revision History</a></span></dt></dl></div><div class="part" id="idm217521212288"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><d
d><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocato
rs">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217607479392">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#idm217620118944">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm217613303056">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href
="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217621747072">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm217616218752">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm217523870384">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217612409584">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></dd><dt><span class="chapter">
<a href="#chap-Defensive_Coding-Java">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code cla
ss="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privi
leged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217608326608">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm217606502144">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm217628816768">4.3. Sandboxing</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span cl
ass="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217607479392">1.3.1. <code class="functio
n">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#idm217620118944">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm217613303056">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2
class="title">1.1. The core language</h2></div></div></div><div class="para">
+ </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="#idm225447251568">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard l
ibrary</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><s
pan class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a hr
ef="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java
">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private
parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges<
/a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defens
ive_Coding-Vala">6. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="#idm225446782352">II. Specific Programming Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">8. File Descriptor
Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_System">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defen
sive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">1
0.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.
3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a
href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-T
asks-Serialization-XML">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJD
K_Parse">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Packaging">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class
="part"><a href="#idm225439368352">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-TLS">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls
">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Cl
ients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Defensive_Coding-Revision_History">A. Revision History</a></span></dt></dl></div><div class="part" id="idm225447251568"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefi
ned">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a hre
f="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></s
pan></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult t
o use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="
section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="sect
ion"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt
></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Vala">6. The Vala Programming Language</a></span></dt></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defens
ive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span cla
ss="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapp
er functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><div class="para">
C provides no memory safety. Most recommendations in this section deal with this aspect of the language.
</div><div class="section" id="sect-Defensive_Coding-C-Undefined"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.1. Undefined behavior</h3></div></div></div><div class="para">
Some C constructs are defined to be undefined by the C standard. This does not only mean that the standard does not describe what happens when the construct is executed. It also allows optimizing compilers such as GCC to assume that this particular construct is never reached. In some cases, this has caused GCC to optimize security checks away. (This is not a flaw in GCC or the C language. But C certainly has some areas which are more difficult to use than others.)
@@ -116,10 +116,22 @@ add(<span class="perl_DataType">int</span> a, <span class="perl_DataType">int</s
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use a wider type to perform the calculation, check that the result is within bounds, and convert the result to the original type. All intermediate results must be checked in this way.
</div></li><li class="listitem"><div class="para">
- Perform the calculation in the corresponding unsigned type and use bit fiddling to detect the overflow.
- </div></li><li class="listitem"><div class="para">
- Compute bounds for acceptable input values which are known to avoid overflow, and reject other values. This is the preferred way for overflow checking on multiplications, see <a class="xref" href="#ex-Defensive_Coding-C-Arithmetic-mult">Example 1.3, “Overflow checking for unsigned multiplication”</a>.
- </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-mult"><h6>Example 1.3. Overflow checking for unsigned multiplication</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Perform the calculation in the corresponding unsigned type and use bit fiddling to detect the overflow. <a class="xref" href="#ex-Defensive_Coding-C-Arithmetic-add_unsigned">Example 1.3, “Overflow checking for unsigned addition”</a> shows how to perform an overflow check for unsigned integer addition. For three or more terms, all the intermediate additions have to be checked in this way.
+ </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-add_unsigned"><h6>Example 1.3. Overflow checking for unsigned addition</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_DataType">void</span> report_overflow(<span class="perl_DataType">void</span>);
+
+<span class="perl_DataType">unsigned</span>
+add_unsigned(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">unsigned</span> b)
+{
+ <span class="perl_DataType">unsigned</span> sum = a + b;
+ <span class="perl_Keyword">if</span> (sum < a) { <span class="perl_Comment">// or sum < b</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> report_overflow();
+ }
+ <span class="perl_Keyword">return</span> sum;
+}
+</pre></div></div><br class="example-break" /><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Compute bounds for acceptable input values which are known to avoid overflow, and reject other values. This is the preferred way for overflow checking on multiplications, see <a class="xref" href="#ex-Defensive_Coding-C-Arithmetic-mult">Example 1.4, “Overflow checking for unsigned multiplication”</a>.
+ </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-mult"><h6>Example 1.4. Overflow checking for unsigned multiplication</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">unsigned</span>
mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">unsigned</span> b)
{
@@ -129,11 +141,28 @@ mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">u
<span class="perl_Keyword">return</span> a * b;
}
</pre></div></div><br class="example-break" /><div class="para">
- Basic arithmetic operations a commutative, so for bounds checks, there are two different but mathematically equivalent expressions. Sometimes, one of the expressions results in better code because parts of it can be reduced to a constant. This applies to overflow checks for multiplication <code class="literal">a * b</code> involving a constant <code class="literal">a</code>, where the expression is reduced to <code class="literal">b > C</code> for some constant <code class="literal">C</code> determined at compile time. The other expression, <code class="literal">b && a > ((unsigned)-1) / b</code>, is more difficult to optimize at compile time.
+ Basic arithmetic operations are commutative, so for bounds checks, there are two different but mathematically equivalent expressions. Sometimes, one of the expressions results in better code because parts of it can be reduced to a constant. This applies to overflow checks for multiplication <code class="literal">a * b</code> involving a constant <code class="literal">a</code>, where the expression is reduced to <code class="literal">b > C</code> for some constant <code class="literal">C</code> determined at compile time. The other expression, <code class="literal">b && a > ((unsigned)-1) / b</code>, is more difficult to optimize at compile time.
</div><div class="para">
When a value is converted to a signed integer, GCC always chooses the result based on 2's complement arithmetic. This GCC extension (which is also implemented by other compilers) helps a lot when implementing overflow checks.
</div><div class="para">
+ Sometimes, it is necessary to compare unsigned and signed integer variables. This results in a compiler warning, <span class="emphasis"><em>comparison between signed and unsigned integer expressions</em></span>, because the comparison often gives unexpected results for negative values. When adding a cast, make sure that negative values are covered properly. If the bound is unsigned and the checked quantity is signed, you should cast the checked quantity to an unsigned type as least as wide as either operand type. As a result, negative values will fail the bounds check. (You can still check for negative values separately for clarity, and the compiler will optimize away this redundant check.)
+ </div><div class="para">
Legacy code should be compiled with the <code class="option">-fwrapv</code> GCC option. As a result, GCC will provide 2's complement semantics for integer arithmetic, including defined behavior on integer overflow.
+ </div></div><div class="section" id="sect-Defensive_Coding-C-Globals"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.4. Global variables</h3></div></div></div><div class="para">
+ Global variables should be avoided because they usually lead to thread safety hazards. In any case, they should be declared <code class="literal">static</code>, so that access is restricted to a single translation unit.
+ </div><div class="para">
+ Global constants are not a problem, but declaring them can be tricky. <a class="xref" href="#ex-Defensive_Coding-C-Globals-String_Array">Example 1.5, “Declaring a constant array of constant strings”</a> shows how to declare a constant array of constant strings. The second <code class="literal">const</code> is needed to make the array constant, and not just the strings. It must be placed after the <code class="literal">*</code>, and not before it.
+ </div><div class="example" id="ex-Defensive_Coding-C-Globals-String_Array"><h6>Example 1.5. Declaring a constant array of constant strings</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_DataType">static</span> <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> string_list[] = {
+ <span class="perl_String">"first"</span>,
+ <span class="perl_String">"second"</span>,
+ <span class="perl_String">"third"</span>,
+ NULL
+};
+</pre></div></div><br class="example-break" /><div class="para">
+ Sometimes, static variables local to functions are used as a replacement for proper memory management. Unlike non-static local variables, it is possible to return a pointer to static local variables to the caller. But such variables are well-hidden, but effectively global (just as static variables at file scope). It is difficult to add thread safety afterwards if such interfaces are used. Merely dropping the <code class="literal">static</code> keyword in such cases leads to undefined behavior.
+ </div><div class="para">
+ Another source for static local variables is a desire to reduce stack space usage on embedded platforms, where the stack may span only a few hundred bytes. If this is the only reason why the <code class="literal">static</code> keyword is used, it can just be dropped, unless the object is very large (larger than 128 kilobytes on 32 bit platforms). In the latter case, it is recommended to allocate the object using <code class="literal">malloc</code>, to obtain proper array checking, for the same reasons outlined in <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>.
</div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Libc" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.2. The C standard library</h2></div></div></div><div class="para">
Parts of the C standard library (and the UNIX and GNU extensions) are difficult to use, so you shoud avoid them.
</div><div class="para">
@@ -177,17 +206,17 @@ mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">u
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">alloca</code> ⟶ <code class="function">malloc</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strdupa</code> ⟶ <code class="function">strdup</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strndupa</code> ⟶ <code class="function">strndup</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-execve">Section 9.1.2, “Bypassing the shell”</a>)
+ <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-execve">Section 11.1.2, “Bypassing the shell”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-C-String-Functions-Length"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.2.3. String Functions With Explicit Length Arguments</h3></div></div></div><div class="para">
The C run-time library provides string manipulation functions which not just look for NUL characters for string termination, but also honor explicit lengths provided by the caller. However, these functions evolved over a long period of time, and the lengths mean different things depending on the function.
</div><div class="section" id="sect-Defensive_Coding-C-Libc-snprintf"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.1. <code class="literal">snprintf</code></h4></div></div></div><div class="para">
@@ -198,8 +227,8 @@ snprintf(fraction, <span class="perl_Keyword">sizeof</span>(fraction), <span cla
</pre></div><div class="para">
The second argument to the <code class="function">snprintf</code> call should always be the size of the buffer in the first argument (which should be a character array). Elaborate pointer and length arithmetic can introduce errors and nullify the security benefits of <code class="function">snprintf</code>.
</div><div class="para">
- In particular, <code class="literal">snprintf</code> is not well-suited to constructing a string iteratively, by appending to an existing buffer. <code class="function">snprintf</code> returns one of two values, <code class="literal">-1</code> on errors, or the number of characters which <span class="emphasis"><em>would have been written to the buffer if the buffer were large enough</em></span>. This means that adding the result of <code class="function">snprintf</code> to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument is not zero, the buffer will remain NUL-terminated. <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.4, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a> works because <code class="literal">end -current > 0</code> is a loop invariant. After the loop, the result string is in the <code class="varnam
e">buf</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-snprintf-incremental"><h6>Example 1.4. Repeatedly writing to a buffer using <code class="function">snprintf</code></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In particular, <code class="literal">snprintf</code> is not well-suited to constructing a string iteratively, by appending to an existing buffer. <code class="function">snprintf</code> returns one of two values, <code class="literal">-1</code> on errors, or the number of characters which <span class="emphasis"><em>would have been written to the buffer if the buffer were large enough</em></span>. This means that adding the result of <code class="function">snprintf</code> to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument is not zero, the buffer will remain NUL-terminated. <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.6, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a> works because <code class="literal">end -current > 0</code> is a loop invariant. After the loop, the result string is in the <code class="varnam
e">buf</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-snprintf-incremental"><h6>Example 1.6. Repeatedly writing to a buffer using <code class="function">snprintf</code></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[<span class="perl_Float">512</span>];
<span class="perl_DataType">char</span> *current = buf;
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> end = buf + <span class="perl_Keyword">sizeof</span>(buf);
@@ -213,8 +242,8 @@ snprintf(fraction, <span class="perl_Keyword">sizeof</span>(fraction), <span cla
</div><div class="para">
Note that it is not permitted to use the same buffer both as the destination and as a source argument.
</div></div><div class="section" id="sect-Defensive_Coding-C-Libc-vsnprintf"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.2. <code class="literal">vsnprintf</code> and format strings</h4></div></div></div><div class="para">
- If you use <code class="function">vsnprintf</code> (or <code class="function">vasprintf</code> or even <code class="function">snprintf</code>) with a format string which is not a constant, but a function argument, it is important to annotate the function with a <code class="literal">format</code> function attribute, so that GCC can warn about misuse of your function (see <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.5, “The <code class="literal">format</code> function attribute”</a>).
- </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-format-Attribute"><h6>Example 1.5. The <code class="literal">format</code> function attribute</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you use <code class="function">vsnprintf</code> (or <code class="function">vasprintf</code> or even <code class="function">snprintf</code>) with a format string which is not a constant, but a function argument, it is important to annotate the function with a <code class="literal">format</code> function attribute, so that GCC can warn about misuse of your function (see <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.7, “The <code class="literal">format</code> function attribute”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-format-Attribute"><h6>Example 1.7. The <code class="literal">format</code> function attribute</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">void</span> log_format(<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *format, ...) __attribute__((format(printf, <span class="perl_Float">1</span>, <span class="perl_Float">2</span>)));
<span class="perl_DataType">void</span>
@@ -237,11 +266,11 @@ buf[<span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</
Another approach uses the <code class="function">strncat</code> function for this purpose:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
buf[0] = '\0';
-strncpy(buf, data, <span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</span>);
+strncat(buf, data, <span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</span>);
</pre></div></div><div class="section" id="sect-Defensive_Coding-C-Libc-strncat"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.4. <code class="function">strncat</code></h4></div></div></div><div class="para">
The length argument of the <code class="function">strncat</code> function specifies the maximum number of characters copied from the source buffer, excluding the terminating NUL character. This means that the required number of bytes in the destination buffer is the length of the original string, plus the length argument in the <code class="function">strncat</code> call, plus one. Consequently, this function is rarely appropriate for performing a length-checked string operation, with the notable exception of the <code class="function">strcpy</code> emulation described in <a class="xref" href="#sect-Defensive_Coding-C-Libc-strncpy">Section 1.2.3.3, “<code class="function">strncpy</code>”</a>.
</div><div class="para">
- To implement a length-checked string append, you can use an approach similar to <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.4, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a>:
+ To implement a length-checked string append, you can use an approach similar to <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.6, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a>:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[<span class="perl_Float">10</span>];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"%s"</span>, prefix);
@@ -254,28 +283,28 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
But you should must not dynamically construct format strings to avoid concatenation because this would prevent GCC from type-checking the argument lists.
</div><div class="para">
It is not possible to use format strings like <code class="literal">"%s%s"</code> to implement concatenation, unless you use separate buffers. <code class="function">snprintf</code> does not support overlapping source and target strings.
- </div></div><div class="section" id="idm217628835072"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217628835072">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225470486352"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470486352">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
Some systems support <code class="function">strlcpy</code> and <code class="function">strlcat</code> functions which behave this way, but these functions are not part of GNU libc. <code class="function">strlcpy</code> is often replaced with <code class="function">snprintf</code> with a <code class="literal">"%s"</code> format string. See <a class="xref" href="#sect-Defensive_Coding-C-Libc-strncpy">Section 1.2.3.3, “<code class="function">strncpy</code>”</a> for a caveat related to the <code class="function">snprintf</code> return value.
</div><div class="para">
To emulate <code class="function">strlcat</code>, use the approach described in <a class="xref" href="#sect-Defensive_Coding-C-Libc-strncat">Section 1.2.3.4, “<code class="function">strncat</code>”</a>.
- </div></div><div class="section" id="idm217610329968"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217610329968">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225473154784"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225473154784">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
ISO C11 adds another set of length-checking functions, but GNU libc currently does not implement them.
- </div></div><div class="section" id="idm217617179776"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217617179776">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225464812288"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225464812288">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means.
- </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm217607479392"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217607479392">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
+ </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225450178096"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
The C library interfaces for memory allocation are provided by <code class="function">malloc</code>, <code class="function">free</code> and <code class="function">realloc</code>, and the <code class="function">calloc</code> function. In addition to these generic functions, there are derived functions such as <code class="function">strdup</code> which perform allocation using <code class="function">malloc</code> internally, but do not return untyped heap memory (which could be used for any object).
</div><div class="para">
The C compiler knows about these functions and can use their expected behavior for optimizations. For instance, the compiler assumes that an existing pointer (or a pointer derived from an existing pointer by arithmetic) will not point into the memory area returned by <code class="function">malloc</code>.
</div><div class="para">
If the allocation fails, <code class="function">realloc</code> does not free the old pointer. Therefore, the idiom <code class="literal">ptr = realloc(ptr, size);</code> is wrong because the memory pointed to by <code class="literal">ptr</code> leaks in case of an error.
- </div><div class="section" id="idm217609990192"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217609990192">1.3.1.1. Use-after-free errors</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-C-Use-After-Free"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.3.1.1. Use-after-free errors</h4></div></div></div><div class="para">
After <code class="function">free</code>, the pointer is invalid. Further pointer dereferences are not allowed (and are usually detected by <span class="application"><strong>valgrind</strong></span>). Less obvious is that any <span class="emphasis"><em>use</em></span> of the old pointer value is not allowed, either. In particular, comparisons with any other pointer (or the null pointer) are undefined according to the C standard.
</div><div class="para">
The same rules apply to <code class="function">realloc</code> if the memory area cannot be enlarged in-place. For instance, the compiler may assume that a comparison between the old and new pointer will always return false, so it is impossible to detect movement this way.
- </div></div><div class="section" id="idm217619561600"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217619561600">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225462453888"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225462453888">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
Recovering from out-of-memory errors is often difficult or even impossible. In these cases, <code class="function">malloc</code> and other allocation functions return a null pointer. Dereferencing this pointer lead to a crash. Such dereferences can even be exploitable for code execution if the dereference is combined with an array subscript.
</div><div class="para">
- In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 10.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
+ In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
</div></div></div><div class="section" id="sect-Defensive_Coding-C-Allocators-alloca"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</h3></div></div></div><div class="para">
Allocation on the stack is risky because stack overflow checking is implicit. There is a guard page at the end of the memory area reserved for the stack. If the program attempts to read from or write to this guard page, a <code class="literal">SIGSEGV</code> signal is generated and the program typically terminates.
</div><div class="para">
@@ -291,8 +320,8 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
</div></div><div class="section" id="sect-Defensive_Coding-C-Allocators-Arrays"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.3. Array allocation</h3></div></div></div><div class="para">
When allocating arrays, it is important to check for overflows. The <code class="function">calloc</code> function performs such checks.
</div><div class="para">
- If <code class="function">malloc</code> or <code class="function">realloc</code> is used, the size check must be written manually. For instance, to allocate an array of <code class="literal">n</code> elements of type <code class="literal">T</code>, check that the requested size is not greater than <code class="literal">n / sizeof(T)</code>. See <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
- </div></div><div class="section" id="idm217620118944"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217620118944">1.3.4. Custom memory allocators</h3></div></div></div><div class="para">
+ If <code class="function">malloc</code> or <code class="function">realloc</code> is used, the size check must be written manually. For instance, to allocate an array of <code class="literal">n</code> elements of type <code class="literal">T</code>, check that the requested size is not greater than <code class="literal">((size_t) -1) / sizeof(T)</code>. See <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
+ </div></div><div class="section" id="sect-Defensive_Coding-C-Allocators-Custom"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.4. Custom memory allocators</h3></div></div></div><div class="para">
Custom memory allocates come in two forms: replacements for <code class="function">malloc</code>, and completely different interfaces for memory management. Both approaches can reduce the effectiveness of <span class="application"><strong>valgrind</strong></span> and similar tools, and the heap corruption detection provided by GNU libc, so they should be avoided.
</div><div class="para">
Memory allocators are difficult to write and contain many performance and security pitfalls.
@@ -301,8 +330,8 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
</div></li><li class="listitem"><div class="para">
Size computations for array allocations need overflow checking. See <a class="xref" href="#sect-Defensive_Coding-C-Allocators-Arrays">Section 1.3.3, “Array allocation”</a>.
</div></li><li class="listitem"><div class="para">
- It can be difficult to beat well-tuned general-purpose allocators. In micro-benchmarks, pool allocators can show huge wins, and size-specific pools can reduce internal fragmentation. But often, utilization of individual pools is poor, and
- </div></li></ul></div></div><div class="section" id="idm217613303056"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217613303056">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
+ It can be difficult to beat well-tuned general-purpose allocators. In micro-benchmarks, pool allocators can show huge wins, and size-specific pools can reduce internal fragmentation. But often, utilization of individual pools is poor, and external fragmentation increases the overall memory usage.
+ </div></li></ul></div></div><div class="section" id="idm225434627312"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225434627312">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
Garbage collection can be an alternative to explicit memory management using <code class="function">malloc</code> and <code class="function">free</code>. The Boehm-Dehmers-Weiser allocator can be used from C programs, with minimal type annotations. Performance is competitive with <code class="function">malloc</code> on 64-bit architectures, especially for multi-threaded programs. The stop-the-world pauses may be problematic for some real-time applications, though.
</div><div class="para">
However, using a conservative garbage collector may reduce opertunities for code reduce because once one library in a program uses garbage collection, the whole process memory needs to be subject to it, so that no pointers are missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for internal use, so it is not fully transparent to the rest of the program.
@@ -313,28 +342,28 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
</div><div class="para">
At the minimum, you should apply these attributes:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- If you wrap function which accepts are GCC-recognized format string (for example, a <code class="function">printf</code>-style function used for logging), you should add a suitable <code class="literal">format</code> attribute, as in <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.5, “The <code class="literal">format</code> function attribute”</a>.
+ If you wrap function which accepts are GCC-recognized format string (for example, a <code class="function">printf</code>-style function used for logging), you should add a suitable <code class="literal">format</code> attribute, as in <a class="xref" href="#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.7, “The <code class="literal">format</code> function attribute”</a>.
</div></li><li class="listitem"><div class="para">
If you wrap a function which carries a <code class="literal">warn_unused_result</code> attribute and you propagate its return value, your wrapper should be declared with <code class="literal">warn_unused_result</code> as well.
</div></li><li class="listitem"><div class="para">
Duplicating the buffer length checks based on the <code class="function">__builtin_object_size</code> GCC builtin is desirable if the wrapper processes arrays. (This functionality is used by the <code class="literal">-D_FORTIFY_SOURCE=2</code> checks to guard against static buffer overflows.) However, designing appropriate interfaces and implementing the checks may not be entirely straightforward.
</div></li></ul></div><div class="para">
For other attributes (such as <code class="literal">malloc</code>), careful analysis and comparison with the compiler documentation is required to check if propagating the attribute is appropriate. Incorrectly applied attributes can result in undesired behavioral changes in the compiled code.
- </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217621747072">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm217616218752">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm217523870384">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><
span class="section"><a href="#idm217612409584">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
+ </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><
span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
C++ includes a large subset of the C language. As far as the C subset is used, the recommendations in <a class="xref" href="#chap-Defensive_Coding-C">Chapter 1, <em>The C Programming Language</em></a> apply.
- </div><div class="section" id="idm217621747072"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217621747072">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
- For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC-generated code does not detect this.
+ </div><div class="section" id="idm225489138080"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
+ For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC versions prior to 4.8 generated code which did not detect this. (Fedora 18 was the first release which fixed this in GCC.)
</div><div class="para">
The <code class="literal">std::vector</code> template can be used instead an explicit array allocation. (The GCC implementation detects overflow internally.)
</div><div class="para">
- If there is no alternative to <code class="literal">operator new[]</code>, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
+ If there is no alternative to <code class="literal">operator new[]</code> and the sources will be compiled with older GCC versions, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
</div><div class="para">
- These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 10.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
+ These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
</div><div class="para">
See <a class="xref" href="#sect-Defensive_Coding-C-Allocators-Arrays">Section 1.3.3, “Array allocation”</a> for array allocation advice for C-style memory allocation.
- </div></div><div class="section" id="idm217616218752"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217616218752">2.1.2. Overloading</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225496547824"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225496547824">2.1.2. Overloading</h3></div></div></div><div class="para">
Do not overload functions with versions that have different security characteristics. For instance, do not implement a function <code class="function">strcat</code> which works on <span class="type">std::string</span> arguments. Similarly, do not name methods after such functions.
- </div></div><div class="section" id="idm217523870384"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217523870384">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225489139440"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225489139440">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
A stable binary interface (ABI) is vastly preferred for security updates. Without a stable ABI, all reverse dependencies need recompiling, which can be a lot of work and could even be impossible in some cases. Ideally, a security update only updates a single dynamic shared object, and is picked up automatically after restarting affected processes.
</div><div class="para">
Outside of extremely performance-critical code, you should ensure that a wide range of changes is possible without breaking ABI. Some very basic guidelines are:
@@ -368,10 +397,72 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
Some C++11 features (or approximations thereof) are available with TR1 support, that is, with <code class="option">-std=c++03</code> or <code class="option">-std=gnu++03</code> and in the <code class="literal"><tr1/*></code> header files. This includes <code class="literal">std::tr1::shared_ptr</code> (from <code class="literal"><tr1/memory></code>) and <code class="literal">std::tr1::function</code> (from <code class="literal"><tr1/functional></code>). For other C++11 features, the Boost C++ library contains replacements.
</div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Std" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.2. The C++ standard library</h2></div></div></div><div class="para">
The C++ standard library includes most of its C counterpart by reference, see <a class="xref" href="#sect-Defensive_Coding-C-Libc">Section 1.2, “The C standard library”</a>.
- </div><div class="section" id="idm217612409584"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217612409584">2.2.1. Containers and <code class="literal">operator[]</code></h3></div></div></div><div class="para">
- Many containers similar to <code class="literal">std::vector</code> provide both <code class="literal">operator[](size_type)</code> and a member function <code class="literal">at(size_type)</code>. This applies to <code class="literal">std::vector</code> itself, <code class="literal">std::array</code>, <code class="literal">std::string</code> and other instances of <code class="literal">std::basic_string</code>.
+ </div><div class="section" id="sect-Defensive_Coding-CXX-Std-Functions"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.1. Functions that are difficult to use</h3></div></div></div><div class="para">
+ This section collects functions and function templates which are part of the standard library and are difficult to use.
+ </div><div class="section" id="sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">2.2.1.1. Unpaired iterators</h4></div></div></div><div class="para">
+ Functions which use output operators or iterators which do not come in pairs (denoting ranges) cannot perform iterator range checking. (See <a class="xref" href="#sect-Defensive_Coding-CXX-Std-Iterators">Section 2.2.4, “Iterators”</a>) Function templates which involve output iterators are particularly dangerous:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">std::copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::copy_backward</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::move</code> (three-argument variant)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::move_backward</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::partition_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::remove_copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::remove_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::replace_copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::replace_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::swap_ranges</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::transform</code>
+ </div></li></ul></div><div class="para">
+ In addition, <code class="function">std::copy_n</code>, <code class="function">std::fill_n</code> and <code class="function">std::generate_n</code> do not perform iterator checking, either, but there is an explicit count which has to be supplied by the caller, as opposed to an implicit length indicator in the form of a pair of forward iterators.
+ </div><div class="para">
+ These output-iterator-expecting functions should only be used with unlimited-range output iterators, such as iterators obtained with the <code class="function">std::back_inserter</code> function.
+ </div><div class="para">
+ Other functions use single input or forward iterators, which can read beyond the end of the input range if the caller is not careful:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">std::equal</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::is_permutation</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::mismatch</code>
+ </div></li></ul></div></div></div><div class="section" id="sect-Defensive_Coding-CXX-Std-String"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.2. String handling with <code class="literal">std::string</code></h3></div></div></div><div class="para">
+ The <code class="literal">std::string</code> class provides a convenient way to handle strings. Unlike C strings, <code class="literal">std::string</code> objects have an explicit length (and can contain embedded NUL characters), and storage for its characters is managed automatically. This section discusses <code class="literal">std::string</code>, but these observations also apply to other instances of the <code class="literal">std::basic_string</code> template.
+ </div><div class="para">
+ The pointer returned by the <code class="function">data()</code> member function does not necessarily point to a NUL-terminated string. To obtain a C-compatible string pointer, use <code class="function">c_str()</code> instead, which adds the NUL terminator.
+ </div><div class="para">
+ The pointers returned by the <code class="function">data()</code> and <code class="function">c_str()</code> functions and iterators are only valid until certain events happen. It is required that the exact <code class="literal">std::string</code> object still exists (even if it was initially created as a copy of another string object). Pointers and iterators are also invalidated when non-const member functions are called, or functions with a non-const reference parameter. The behavior of the GCC implementation deviates from that required by the C++ standard if multiple threads are present. In general, only the first call to a non-const member function after a structural modification of the string (such as appending a character) is invalidating, but this also applies to member function such as the non-const version of <code class="function">begin()</code>, in violation of the C++ standard.
+ </div><div class="para">
+ Particular care is necessary when invoking the <code class="function">c_str()</code> member function on a temporary object. This is convenient for calling C functions, but the pointer will turn invalid as soon as the temporary object is destroyed, which generally happens when the outermost expression enclosing the expression on which <code class="function">c_str()</code> is called completes evaluation. Passing the result of <code class="function">c_str()</code> to a function which does not store or otherwise leak that pointer is safe, though.
+ </div><div class="para">
+ Like with <code class="literal">std::vector</code> and <code class="literal">std::array</code>, subscribing with <code class="literal">operator[]</code> does not perform bounds checks. Use the <code class="function">at(size_type)</code> member function instead. See <a class="xref" href="#sect-Defensive_Coding-CXX-Std-Subscript">Section 2.2.3, “Containers and <code class="literal">operator[]</code>”</a>. Furthermore, accessing the terminating NUL character using <code class="literal">operator[]</code> is not possible. (In some implementations, the <code class="literal">c_str()</code> member function writes the NUL character on demand.)
+ </div><div class="para">
+ Never write to the pointers returned by <code class="function">data()</code> or <code class="function">c_str()</code> after casting away <code class="literal">const</code>. If you need a C-style writable string, use a <code class="literal">std::vector<char></code> object and its <code class="function">data()</code> member function. In this case, you have to explicitly add the terminating NUL character.
+ </div><div class="para">
+ GCC's implementation of <code class="literal">std::string</code> is currently based on reference counting. It is expected that a future version will remove the reference counting, due to performance and conformance issues. As a result, code that implicitly assumes sharing by holding to pointers or iterators for too long will break, resulting in run-time crashes or worse. On the other hand, non-const iterator-returning functions will no longer give other threads an opportunity for invalidating existing iterators and pointers because iterator invalidation does not depend on sharing of the internal character array object anymore.
+ </div></div><div class="section" id="sect-Defensive_Coding-CXX-Std-Subscript"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.3. Containers and <code class="literal">operator[]</code></h3></div></div></div><div class="para">
+ Many sequence containers similar to <code class="literal">std::vector</code> provide both <code class="literal">operator[](size_type)</code> and a member function <code class="literal">at(size_type)</code>. This applies to <code class="literal">std::vector</code> itself, <code class="literal">std::array</code>, <code class="literal">std::string</code> and other instances of <code class="literal">std::basic_string</code>.
</div><div class="para">
<code class="literal">operator[](size_type)</code> is not required by the standard to perform bounds checking (and the implementation in GCC does not). In contrast, <code class="literal">at(size_type)</code> must perform such a check. Therefore, in code which is not performance-critical, you should prefer <code class="literal">at(size_type)</code> over <code class="literal">operator[](size_type)</code>, even though it is slightly more verbose.
+ </div><div class="para">
+ The <code class="literal">front()</code> and <code class="literal">back()</code> member functions are undefined if a vector object is empty. You can use <code class="literal">vec.at(0)</code> and <code class="literal">vec.at(vec.size() - 1)</code> as checked replacements. For an empty vector, <code class="literal">data()</code> is defined; it returns an arbitrary pointer, but not necessarily the NULL pointer.
+ </div></div><div class="section" id="sect-Defensive_Coding-CXX-Std-Iterators"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.4. Iterators</h3></div></div></div><div class="para">
+ Iterators do not perform any bounds checking. Therefore, all functions that work on iterators should accept them in pairs, denoting a range, and make sure that iterators are not moved outside that range. For forward iterators and bidirectional iterators, you need to check for equality before moving the first or last iterator in the range. For random-access iterators, you need to compute the difference before adding or subtracting an offset. It is not possible to perform the operation and check for an invalid operator afterwards.
+ </div><div class="para">
+ Output iterators cannot be compared for equality. Therefore, it is impossible to write code that detects that it has been supplied an output area that is too small, and their use should be avoided.
+ </div><div class="para">
+ These issues make some of the standard library functions difficult to use correctly, see <a class="xref" href="#sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators">Section 2.2.1.1, “Unpaired iterators”</a>.
</div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Java" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. The Java Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLeve
l">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-
Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-Java-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">3.1. The core language</h2></div></div></div><div class="para">
Implementations of the Java programming language provide strong memory safety, even in the presence of data races in concurrent code. This prevents a large range of security vulnerabilities from occurring, unless certain low-level features are used; see <a class="xref" href="#sect-Defensive_Coding-Java-LowLevel">Section 3.2, “Low-level features of the virtual machine”</a>.
</div><div class="section" id="sect-Defensive_Coding-Java-Language-ReadArray"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">3.1.1. Inceasing robustness when reading arrays</h3></div></div></div><div class="para">
@@ -685,21 +776,21 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
});
}
}
-</pre></div></div><br class="example-break" /></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm217608326608">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm217606502144">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm217628816768">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
+</pre></div></div><br class="example-break" /></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
Python provides memory safety by default, so low-level security vulnerabilities are rare and typically needs fixing the Python interpreter or standard library itself.
</div><div class="para">
Other sections with Python-specific advice include:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 8, <em>Temporary files</em></a>
+ <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 10, <em>Temporary files</em></a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 9.1, “Safe process creation”</a>
+ <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#chap-Defensive_Coding-Tasks-Serialization">Chapter 10, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 10.3, “Library support for deserialization”</a>
+ <a class="xref" href="#chap-Defensive_Coding-Tasks-Serialization">Chapter 12, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 11.2, “Randomness”</a>
- </div></li></ul></div><div class="section" id="idm217608326608"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217608326608">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
+ <a class="xref" href="#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 13.2, “Randomness”</a>
+ </div></li></ul></div><div class="section" id="idm225462965424"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225462965424">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
Some areas of the standard library, notably the <code class="literal">ctypes</code> module, do not provide memory safety guarantees comparable to the rest of Python. If such functionality is used, the advice in <a class="xref" href="#sect-Defensive_Coding-C-Language">Section 1.1, “The core language”</a> should be followed.
- </div></div><div class="section" id="idm217606502144"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217606502144">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225437846320"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225437846320">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
The following Python functions and statements related to code execution should be avoided:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">compile</code>
@@ -711,13 +802,81 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
<code class="function">execfile</code>
</div></li></ul></div><div class="para">
If you need to parse integers or floating point values, use the <code class="function">int</code> and <code class="function">float</code> functions instead of <code class="function">eval</code>. Sandboxing untrusted Python code does not work reliably.
- </div></div><div class="section" id="idm217628816768"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217628816768">4.3. Sandboxing</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225452013312"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225452013312">4.3. Sandboxing</h2></div></div></div><div class="para">
The <code class="literal">rexec</code> Python module cannot safely sandbox untrusted code and should not be used. The standard CPython implementation is not suitable for sandboxing.
- </div></div></div></div><div class="part" id="idm217603864128"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">5. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217647310832">5.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628244928">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm217649075984">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217618443168">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">5.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm217608062976">5.4. Process attributes</a></span></dt></dl></dd><dt><
span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">6. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217616949440">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217564313984">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm217619823472">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm217652421088">6.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">6.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_System">7. Fil
e system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">7.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">7.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">7.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">8. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of
temporary directory</a></span></dt><dt><span class="section"><a href="#idm217623690400">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm217564767056">8.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm217628443664">8.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">9. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628802256">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><sp
an class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm217619964880">9.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217622868752">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm217625586384">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">9.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm217626109008">9.5. Semanti
cs of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">10. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm217619956912">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="#idm217645053984">10.3. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt>
<dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">10.4.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">10.4.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">10.4.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217614300256">10.5. Protocol Encoders</a></span></dt></dl></dd><dt><span class="
chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">11. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217608525920">11.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm217628358944">11.2. Randomness</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm217647310832">5.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628244928">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm217649075984">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217618443168">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">5.3
. Callbacks</a></span></dt><dt><span class="section"><a href="#idm217608062976">5.4. Process attributes</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></div><div class="para">
+ This chapter contains language-specific recommendations for Go.
+ </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Memory safety</h2></div></div></div><div class="para">
+ Go provides memory safety, but only if the program is not executed in parallel (that is, <code class="envar">GOMAXPROCS</code> is not larger than <code class="literal">1</code>). The reason is that interface values and slices consist of multiple words are not updated atomically. Another thread of execution can observe an inconsistent pairing between type information and stored value (for interfaces) or pointer and length (for slices), and such inconsistency can lead to a memory safety violation.
+ </div><div class="para">
+ Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics and run time.
+ </div><div class="para">
+ Keep in mind that finalization can introduce parallelism because finalizers are executed concurrently, potentially interleaved with the rest of the program.
+ </div></div><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Error handling</h2></div></div></div><div class="para">
+ Only a few common operations (such as pointer dereference, integer division, array subscripting) trigger exceptions in Go, called <span class="emphasis"><em>panics</em></span>. Most interfaces in the standard library use a separate return value of type <code class="literal">error</code> to signal error.
+ </div><div class="para">
+ Not checking error return values can lead to incorrect operation and data loss (especially in the case of writes, using interfaces such as <code class="literal">io.Writer</code>).
+ </div><div class="para">
+ The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 5.1, “Regular error handling in Go”</a> for details.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 5.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+type Processor interface {
+ Process(buf []byte) (message string, err error)
+}
+
+type ErrorHandler interface {
+ Handle(err error)
+}
+
+func RegularError(buf []byte, processor Processor,
+ handler ErrorHandler) (message string, err error) {
+ message, err = processor.Process(buf)
+ <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ <span class="perl_Keyword">return</span>
+}
+</pre></div></div><br class="example-break" /><div class="para">
+ However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-IO">Example 5.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 5.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+func IOError(r io.Reader, buf []byte, processor Processor,
+ handler ErrorHandler) (message string, err error) {
+ n, err := r.Read(buf)
+ <span class="perl_Comment">// First check for available data.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> n > 0 {
+ message, err = processor.Process(buf[0:n])
+ <span class="perl_Comment">// Regular error handling.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ }
+ <span class="perl_Comment">// Then handle any error.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ <span class="perl_Keyword">return</span>
+}
+</pre></div></div><br class="example-break" /></div><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Garbage Collector</h2></div></div></div><div class="para">
+ Older Go releases (before Go 1.3) use a conservative garbage collector without blacklisting. This means that data blobs can cause retention of unrelated data structures because the data is conservatively interpreted as pointers. This phenomenon can be triggered accidentally on 32-bit architectures and is more likely to occur if the heap grows larger. On 64-bit architectures, it may be possible to trigger it deliberately—it is unlikely to occur spontaneously.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Vala Programming Language</h2></div></div></div><div class="para">
+ Vala is a programming language mainly targeted at GNOME developers.
+ </div><div class="para">
+ Its syntax is inspired by C# (and thus, indirectly, by Java). But unlike C# and Java, Vala does not attempt to provide memory safety: Vala is compiled to C, and the C code is compiled with GCC using typical compiler flags. Basic operations like integer arithmetic are directly mapped to C constructs. As a results, the recommendations in <a class="xref" href="#chap-Defensive_Coding-C">Chapter 1, <em>The C Programming Language</em></a> apply.
+ </div><div class="para">
+ In particular, the following Vala language constructs can result in undefined behavior at run time:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Integer arithmetic, as described in <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Pointer arithmetic, string subscripting and the <code class="literal">substring</code> method on strings (the <code class="literal">string</code> class in the <code class="literal">glib-2.0</code> package) are not range-checked. It is the responsibility of the calling code to ensure that the arguments being passed are valid. This applies even to cases (like <code class="literal">substring</code>) where the implementation would have range information to check the validity of indexes. See <a class="xref" href="#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Similarly, Vala only performs garbage collection (through reference counting) for <code class="literal">GObject</code> values. For plain C pointers (such as strings), the programmer has to ensure that storage is deallocated once it is no longer needed (to avoid memory leaks), and that storage is not being deallocated while it is still being used (see <a class="xref" href="#sect-Defensive_Coding-C-Use-After-Free">Section 1.3.1.1, “Use-after-free errors”</a>).
+ </div></li></ul></div></div></div><div class="part" id="idm225446782352"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl
></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">8. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_Sys
tem">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the
location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</
a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#i
dm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library
support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</
a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Packaging">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating
X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl></div><div class="para">
Throught this section, the term <span class="emphasis"><em>client code</em></span> refers to applications and other libraries using the library.
- </div><div class="section" id="idm217647310832"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217647310832">5.1. State management</h2></div></div></div><div class="para">
+ </div><div class="section" id="idm225461550096"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461550096">7.1. State management</h2></div></div></div><div class="para">
- </div><div class="section" id="idm217628244928"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217628244928">5.1.1. Global state</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225456220368"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225456220368">7.1.1. Global state</h3></div></div></div><div class="para">
Global state should be avoided.
</div><div class="para">
If this is impossible, the global state must be protected with a lock. For C/C++, you can use the <code class="function">pthread_mutex_lock</code> and <code class="function">pthread_mutex_unlock</code> functions without linking against <code class="literal">-lpthread</code> because the system provides stubs for non-threaded processes.
@@ -725,7 +884,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
For compatibility with <code class="function">fork</code>, these locks should be acquired and released in helpers registered with <code class="function">pthread_atfork</code>. This function is not available without <code class="literal">-lpthread</code>, so you need to use <code class="function">dlsym</code> or a weak symbol to obtain its address.
</div><div class="para">
If you need <code class="function">fork</code> protection for other reasons, you should store the process ID and compare it to the value returned by <code class="function">getpid</code> each time you access the global state. (<code class="function">getpid</code> is not implemented as a system call and is fast.) If the value changes, you know that you have to re-create the state object. (This needs to be combined with locking, of course.)
- </div></div><div class="section" id="idm217649075984"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217649075984">5.1.2. Handles</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225456360144"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225456360144">7.1.2. Handles</h3></div></div></div><div class="para">
Library state should be kept behind a curtain. Client code should receive only a handle. In C, the handle can be a pointer to an incomplete <code class="literal">struct</code>. In C++, the handle can be a pointer to an abstract base class, or it can be hidden using the pointer-to-implementation idiom.
</div><div class="para">
The library should provide functions for creating and destroying handles. (In C++, it is possible to use virtual destructors for the latter.) Consistency between creation and destruction of handles is strongly recommended: If the client code created a handle, it is the responsibility of the client code to destroy it. (This is not always possible or convenient, so sometimes, a transfer of ownership has to happen.)
@@ -733,11 +892,11 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Using handles ensures that it is possible to change the way the library represents state in a way that is transparent to client code. This is important to facilitate security updates and many other code changes.
</div><div class="para">
It is not always necessary to protect state behind a handle with a lock. This depends on the level of thread safety the library provides.
- </div></div></div><div class="section" id="idm217618443168"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217618443168">5.2. Object orientation</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225362028336"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225362028336">7.2. Object orientation</h2></div></div></div><div class="para">
Classes should be either designed as base classes, or it should be impossible to use them as base classes (like <code class="literal">final</code> classes in Java). Classes which are not designed for inheritance and are used as base classes nevertheless create potential maintenance hazards because it is difficult to predict how client code will react when calls to virtual methods are added, reordered or removed.
</div><div class="para">
- Virtual member functions can be used as callbacks. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">Section 5.3, “Callbacks”</a> for some of the challenges involved.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Callbacks</h2></div></div></div><div class="para">
+ Virtual member functions can be used as callbacks. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">Section 7.3, “Callbacks”</a> for some of the challenges involved.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. Callbacks</h2></div></div></div><div class="para">
Higher-order code is difficult to analyze for humans and computers alike, so it should be avoided. Often, an iterator-based interface (a library function which is called repeatedly by client code and returns a stream of events) leads to a better design which is easier to document and use.
</div><div class="para">
If callbacks are unavoidable, some guidelines for them follow.
@@ -749,10 +908,10 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Callbacks can throw exceptions or call <code class="function">longjmp</code>. If possible, all library objects should remain in a valid state. (All further operations on them can fail, but it should be possible to deallocate them without causing resource leaks.)
</div><div class="para">
The presence of callbacks raises the question if functions provided by the library are <span class="emphasis"><em>reentrant</em></span>. Unless a library was designed for such use, bad things will happen if a callback function uses functions in the same library (particularly if they are invoked on the same objects and manipulate the same state). When the callback is invoked, the library can be in an inconsistent state. Reentrant functions are more difficult to write than thread-safe functions (by definition, simple locking would immediately lead to deadlocks). It is also difficult to decide what to do when destruction of an object which is currently processing a callback is requested.
- </div></div><div class="section" id="idm217608062976"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217608062976">5.4. Process attributes</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225458031568"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225458031568">7.4. Process attributes</h2></div></div></div><div class="para">
Several attributes are global and affect all code in the process, not just the library that manipulates them.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- environment variables (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 9.3.1, “Accessing environment variables”</a>)
+ environment variables (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>)
</div></li><li class="listitem"><div class="para">
umask
</div></li><li class="listitem"><div class="para">
@@ -767,15 +926,15 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Library code should avoid manipulating these global process attributes. It should not rely on environment variables, umask, the current working directory and signal masks because these attributes can be inherted from an untrusted source.
</div><div class="para">
In addition, there are obvious process-wide aspects such as the virtual memory layout, the set of open files and dynamic shared objects, but with the exception of shared objects, these can be manipulated in a relatively isolated way.
- </div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm217616949440">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217564313984">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm217619823472">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm217652421088">6.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">6.3. Dealing with the <code class="f
unction">select</code> limit</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="f
unction">select</code> limit</a></span></dt></dl></div><div class="para">
File descriptors underlie all input/output mechanisms offered by the system. They are used to implementation the <code class="literal">FILE *</code>-based functions found in <code class="literal"><stdio.h></code>, and all the file and network communication facilities provided by the Python and Java environments are eventually implemented in them.
</div><div class="para">
File descriptors are small, non-negative integers in userspace, and are backed on the kernel side with complicated data structures which can sometimes grow very large.
- </div><div class="section" id="idm217616949440"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217616949440">6.1. Closing descriptors</h2></div></div></div><div class="para">
- If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 6.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
- </div><div class="section" id="idm217564313984"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217564313984">6.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225463482160"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225463482160">8.1. Closing descriptors</h2></div></div></div><div class="para">
+ If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
+ </div><div class="section" id="idm225452445568"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452445568">8.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
The <code class="function">close</code> system call is always successful in the sense that the passed file descriptor is never valid after the function has been called. However, <code class="function">close</code> still can return an error, for example if there was a file system failure. But this error is not very useful because the absence of an error does not mean that all caches have been emptied and previous writes have been made durable. Programs which need such guarantees must open files with <code class="literal">O_SYNC</code> or use <code class="literal">fsync</code> or <code class="literal">fdatasync</code>, and may also have to <code class="literal">fsync</code> the directory containing the file.
- </div></div><div class="section" id="idm217619823472"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217619823472">6.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225452860400"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452860400">8.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
Unlike process IDs, which are recycle only gradually, the kernel always allocates the lowest unused file descriptor when a new descriptor is created. This means that in a multi-threaded program which constantly opens and closes file descriptors, descriptors are reused very quickly. Unless descriptor closing and other operations on the same file descriptor are synchronized (typically, using a mutex), there will be race coniditons and I/O operations will be applied to the wrong file descriptor.
</div><div class="para">
Sometimes, it is necessary to close a file descriptor concurrently, while another thread might be about to use it in a system call. In order to support this, a program needs to create a single special file descriptor, one on which all I/O operations fail. One way to achieve this is to use <code class="function">socketpair</code>, close one of the descriptors, and call <code class="literal">shutdown(fd, SHUTRDWR)</code> on the other.
@@ -783,7 +942,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
When a descriptor is closed concurrently, the program does not call <code class="function">close</code> on the descriptor. Instead it program uses <code class="function">dup2</code> to replace the descriptor to be closed with the dummy descriptor created earlier. This way, the kernel will not reuse the descriptor, but it will carry out all other steps associated with calling a descriptor (for instance, if the descriptor refers to a stream socket, the peer will be notified).
</div><div class="para">
This is just a sketch, and many details are missing. Additional data structures are needed to determine when it is safe to really close the descriptor, and proper locking is required for that.
- </div></div><div class="section" id="idm217652421088"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217652421088">6.1.3. Lingering state after close</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225442407552"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225442407552">8.1.3. Lingering state after close</h3></div></div></div><div class="para">
By default, closing a stream socket returns immediately, and the kernel will try to send the data in the background. This means that it is impossible to implement accurate accounting of network-related resource utilization from userspace.
</div><div class="para">
The <code class="literal">SO_LINGER</code> socket option alters the behavior of <code class="function">close</code>, so that it will return only after the lingering data has been processed, either by sending it to the peer successfully, or by discarding it after the configured timeout. However, there is no interface which could perform this operation in the background, so a separate userspace thread is needed for each <code class="function">close</code> call, causing scalability issues.
@@ -791,7 +950,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Currently, there is no application-level countermeasure which applies universally. Mitigation is possible with <span class="application"><strong>iptables</strong></span> (the <code class="literal">connlimit</code> match type in particular) and specialized filtering devices for denial-of-service network traffic.
</div><div class="para">
These problems are not related to the <code class="literal">TIME_WAIT</code> state commonly seen in <span class="application"><strong>netstat</strong></span> output. The kernel automatically expires such sockets if necessary.
- </div></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
Child processes created with <code class="function">fork</code> share the initial set of file descriptors with their parent process. By default, file descriptors are also preserved if a new process image is created with <code class="function">execve</code> (or any of the other functions such as <code class="function">system</code> or <code class="function">posix_spawn</code>).
</div><div class="para">
Usually, this behavior is not desirable. There are two ways to turn it off, that is, to prevent new process images from inheriting the file descriptors in the parent process:
@@ -804,10 +963,10 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
</div></li><li class="listitem"><div class="para">
After calling <code class="function">fork</code>, but before creating a new process image with <code class="function">execve</code>, all file descriptors which the child process will not need are closed.
</div><div class="para">
- Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 6.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
+ Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
</div></li></ul></div><div class="para">
At present, environments which care about file descriptor leakage implement the second approach. OpenJDK 6 and 7 are among them.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
By default, a user is allowed to open only 1024 files in a single process, but the system administrator can easily change this limit (which is necessary for busy network servers). However, there is another restriction which is more difficult to overcome.
</div><div class="para">
The <code class="function">select</code> function only supports a maximum of <code class="literal">FD_SETSIZE</code> file descriptors (that is, the maximum permitted value for a file descriptor is <code class="literal">FD_SETSIZE - 1</code>, usually 1023.) If a process opens many files, descriptors may exceed such limits. It is impossible to query such descriptors using <code class="function">select</code>.
@@ -827,12 +986,12 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Close <code class="literal">fd</code> and continue to use <code class="literal">newfd</code>.
</div></li></ul></div><div class="para">
The new descriptor has been allocated above the <code class="literal">FD_SETSIZE</code>. Even though this algorithm is racy in the sense that the <code class="literal">FD_SETSIZE</code> first descriptors could fill up, a very high degree of physical parallelism is required before this becomes a problem.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">7.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">7.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">7.5. Checking free space</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></div><div class="para">
In this chapter, we discuss general file system manipulation, with a focus on access files and directories to which an other, potentially untrusted user has write access.
</div><div class="para">
- Temporary files are covered in their own chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 8, <em>Temporary files</em></a>.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
- Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 7.2, “Accessing the file system as a different user”</a>.
+ Temporary files are covered in their own chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 10, <em>Temporary files</em></a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
+ Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 9.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
Accessing files across trust boundaries faces several challenges, particularly if an entire directory tree is being traversed:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
@@ -859,19 +1018,19 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
There is no workaround against the instability of the file list returned by <code class="function">readdir</code>. Concurrent modification of the directory can result in a list of files being returned which never actually existed on disk.
</div><div class="para">
Hard links and symbolic links can be safely deleted using <code class="function">unlinkat</code> without further checks because deletion only affects the name within the directory tree being processed.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
- This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 7.2, “Accessing the file system as a different user”</a>.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
+ This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 9.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
One approach is to spawn a child process which runs under the target user and group IDs (both effective and real IDs). Note that this child process can block indefinitely, even when processing regular files only. For example, a special FUSE file system could cause the process to hang in uninterruptible sleep inside a <code class="function">stat</code> system call.
</div><div class="para">
An existing process could change its user and group ID using <code class="function">setfsuid</code> and <code class="function">setfsgid</code>. (These functions are preferred over <code class="function">seteuid</code> and <code class="function">setegid</code> because they do not allow the impersonated user to send signals to the process.) These functions are not thread safe. In multi-threaded processes, these operations need to be performed in a single-threaded child process. Unexpected blocking may occur as well.
</div><div class="para">
It is not recommended to try to reimplement the kernel permission checks in user space because the required checks are complex. It is also very difficult to avoid race conditions during path name resolution.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. File system limits</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. File system limits</h2></div></div></div><div class="para">
For historical reasons, there are preprocessor constants such as <code class="literal">PATH_MAX</code>, <code class="literal">NAME_MAX</code>. However, on most systems, the length of canonical path names (absolute path names with all symbolic links resolved, as returned by <code class="function">realpath</code> or <code class="function">canonicalize_file_name</code>) can exceed <code class="literal">PATH_MAX</code> bytes, and individual file name components can be longer than <code class="literal">NAME_MAX</code>. This is also true of the <code class="literal">_PC_PATH_MAX</code> and <code class="literal">_PC_NAME_MAX</code> values returned by <code class="function">pathconf</code>, and the <code class="literal">f_namemax</code> member of <code class="literal">struct statvfs</code>. Therefore, these constants should not be used. This is also reason why the <code class="function">readdir_r</code> should never be used (instead, use <code class="function">readdir</code>).
</div><div class="para">
You should not write code in a way that assumes that there is an upper limit on the number of subdirectories of a directory, the number of regular files in a directory, or the link count of an inode.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.4. File system features</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. File system features</h2></div></div></div><div class="para">
Not all file systems support all features. This makes it very difficult to write general-purpose tools for copying files. For example, a copy operation intending to preserve file permissions will generally fail when copying to a FAT file system.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Some file systems are case-insensitive. Most should be case-preserving, though.
@@ -897,14 +1056,14 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Locking semantics vary among file systems. This affects advisory and mandatory locks. For example, some network file systems do not allow deleting files which are opened by any process.
</div></li><li class="listitem"><div class="para">
Resolution of time stamps varies from two seconds to nanoseconds. Not all time stamps are available on all file systems. File creation time (<span class="emphasis"><em>birth time</em></span>) is not exposed over the <code class="function">stat</code>/<code class="function">fstat</code> interface, even if stored by the file system.
- </div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.5. Checking free space</h2></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.5. Checking free space</h2></div></div></div><div class="para">
The <code class="function">statvfs</code> and <code class="function">fstatvfs</code> functions allow programs to examine the number of available blocks and inodes, through the members <code class="literal">f_bfree</code>, <code class="literal">f_bavail</code>, <code class="literal">f_ffree</code>, and <code class="literal">f_favail</code> of <code class="literal">struct statvfs</code>. Some file systems return fictional values in the <code class="literal">f_ffree</code> and <code class="literal">f_favail</code> fields, so the only reliable way to discover if the file system still has space for a file is to try to create it. The <code class="literal">f_bfree</code> field should be reasonably accurate, though.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm217623690400">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm217564767056">8.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm217628443664">8.5. Compensating for unsafe file creation</a></span></dt></dl></div><div class="para">
- In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that a safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-File_System">Chapter 7, <em>File system manipulation</em></a>.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></div><div class="para">
+ In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-File_System">Chapter 9, <em>File system manipulation</em></a>.
</div><div class="para">
Secure creation of temporary files has four different aspects.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 9.3.1, “Accessing environment variables”</a>).
+ The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>).
</div></li><li class="listitem"><div class="para">
A new file must be created. Reusing an existing file must be avoided (the <code class="filename">/tmp</code> race condition). This is tricky because traditionally, system-wide temporary directories shared by all users are used.
</div></li><li class="listitem"><div class="para">
@@ -915,7 +1074,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
All functions mentioned below will take care of these aspects.
</div><div class="para">
Traditionally, temporary files are often used to reduce memory usage of programs. More and more systems use RAM-based file systems such as <code class="literal">tmpfs</code> for storing temporary files, to increase performance and decrease wear on Flash storage. As a result, spooling data to temporary files does not result in any memory savings, and the related complexity can be avoided if the data is kept in process memory.
- </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
Some functions below need the location of a directory which stores temporary files. For C/C++ programs, use the following steps to obtain that directory:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> to obtain the value of the <code class="literal">TMPDIR</code> environment variable. If it is set, convert the path to a fully-resolved absolute path, using <code class="literal">realpath(path, NULL)</code>. Check if the new path refers to a directory and is writeable. In this case, use it as the temporary directory.
@@ -925,15 +1084,15 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
In Python, you can use the <code class="varname">tempfile.tempdir</code> variable.
</div><div class="para">
Java does not support SUID/SGID programs, so you can use the <code class="function">java.lang.System.getenv(String)</code> method to obtain the value of the <code class="literal">TMPDIR</code> environment variable, and follow the two steps described above. (Java's default directory selection does not honor <code class="literal">TMPDIR</code>.)
- </div></div><div class="section" id="idm217623690400"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217623690400">8.2. Named temporary files</h2></div></div></div><div class="para">
- The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>.
+ </div></div><div class="section" id="idm225440111200"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440111200">10.2. Named temporary files</h2></div></div></div><div class="para">
+ The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.
</div><div class="para">
The file is not removed automatically. It is not safe to rename or delete the file before processing, or transform the name in any way (for example, by adding a file extension). If you need multiple temporary files, call <code class="function">mkostemp</code> multiple times. Do not create additional file names derived from the name provided by a previous <code class="function">mkostemp</code> call. However, it is safe to close the descriptor returned by <code class="function">mkostemp</code> and reopen the file using the generated name.
</div><div class="para">
The Python class <code class="literal">tempfile.NamedTemporaryFile</code> provides similar functionality, except that the file is deleted automatically by default. Note that you may have to use the <code class="literal">file</code> attribute to obtain the actual file object because some programming interfaces cannot deal with file-like objects. The C function <code class="function">mkostemp</code> is also available as <code class="function">tempfile.mkstemp</code>.
</div><div class="para">
- In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
- </div></div><div class="section" id="idm217564767056"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217564767056">8.3. Temporary files without names</h2></div></div></div><div class="para">
+ In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
+ </div></div><div class="section" id="idm225471949376"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471949376">10.3. Temporary files without names</h2></div></div></div><div class="para">
The <code class="function">tmpfile</code> function creates a temporary file and immediately deletes it, while keeping the file open. As a result, the file lacks a name and its space is deallocated as soon as the file descriptor is closed (including the implicit close when the process terminates). This avoids cluttering the temporary directory with orphaned files.
</div><div class="para">
Alternatively, if the maximum size of the temporary file is known beforehand, the <code class="function">fmemopen</code> function can be used to create a <code class="literal">FILE *</code> object which is backed by memory.
@@ -941,16 +1100,16 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
In Python, unnamed temporary files are provided by the <code class="literal">tempfile.TemporaryFile</code> class, and the <code class="literal">tempfile.SpooledTemporaryFile</code> class provides a way to avoid creation of small temporary files.
</div><div class="para">
Java does not support unnamed temporary files.
- </div></div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.4. Temporary directories</h2></div></div></div><div class="para">
- The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
+ </div></div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. Temporary directories</h2></div></div></div><div class="para">
+ The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
</div><div class="para">
When creating files in the temporary directory, use automatically generated names, e.g., derived from a sequential counter. Files with externally provided names could be picked up in unexpected contexts, and crafted names could actually point outside of the tempoary directory (due to <span class="emphasis"><em>directory traversal</em></span>).
</div><div class="para">
Removing a directory tree in a completely safe manner is complicated. Unless there are overriding performance concerns, the <span class="application"><strong>rm</strong></span> program should be used, with the <code class="option">-rf</code> and <code class="option">--</code> options.
- </div></div><div class="section" id="idm217628443664"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217628443664">8.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
- There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 9.1, “Safe process creation”</a>, for details on subprocess creation.
+ </div></div><div class="section" id="idm225466685888"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225466685888">10.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
+ There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>, for details on subprocess creation.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Directory">Section 8.4, “Temporary directories”</a>.)
+ Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Directory">Section 10.4, “Temporary directories”</a>.)
</div></li><li class="listitem"><div class="para">
Create the temporary file and pass the generated file name to the function or program. This only works if the function or program can cope with a zero-length existing file. It is safe only under additional assumptions:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -961,15 +1120,15 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
It must not access any existing files in the same directory.
</div></li></ul></div><div class="para">
It is often difficult to check whether these additional assumptions are matched, therefore this approach is not recommended.
- </div></li></ul></div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217628802256">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm217619964880">9.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visi
bility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217622868752">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm217625586384">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">9.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm217626109008">9.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="titlepage"><div>
<div keep-together.within-column="always"><h2 class="title">9.1. Safe process creation</h2></div></div></div><div class="para">
- This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">Section 6.2, “Preventing file descriptor leaks to child processes”</a>.
- </div><div class="section" id="idm217628802256"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217628802256">9.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
+ </div></li></ul></div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Lin
e_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="tit
lepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Safe process creation</h2></div></div></div><div class="para">
+ This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">Section 8.2, “Preventing file descriptor leaks to child processes”</a>.
+ </div><div class="section" id="idm225451489136"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451489136">11.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
The name and path to the program being invoked should be hard-coded or controlled by a static configuration file stored at a fixed location (at an file system absolute path). The same applies to the template for generating the command line.
</div><div class="para">
- The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in s secure manner (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 9.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
+ The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
</div><div class="para">
If too much flexibility is provided here, it may allow invocation of arbitrary programs without proper authorization.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.2. Bypassing the shell</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.2. Bypassing the shell</h3></div></div></div><div class="para">
Child processes should be created without involving the system shell.
</div><div class="para">
For C/C++, <code class="function">system</code> should not be used. The <code class="function">posix_spawn</code> function can be used instead, or a combination <code class="function">fork</code> and <code class="function">execve</code>. (In some cases, it may be preferable to use <code class="function">vfork</code> or the Linux-specific <code class="function">clone</code> system call instead of <code class="function">fork</code>.)
@@ -981,7 +1140,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
On Windows, there is no argument vector, only a single argument string. Each application is responsible for parsing this string into an argument vector. There is considerable variance among the quoting style recognized by applications. Some of them expand shell wildcards, others do not. Extensive application-specific testing is required to make this secure.
</div></div></div><div class="para">
Note that some common applications (notably <span class="application"><strong>ssh</strong></span>) unconditionally introduce the use of a shell, even if invoked directly without a shell. It is difficult to use these applications in a secure manner. In this case, untrusted data should be supplied by other means. For example, standard input could be used, instead of the command line.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.3. Specifying the process environment</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.3. Specifying the process environment</h3></div></div></div><div class="para">
Child processes should be created with a minimal set of environment variables. This is absolutely essential if there is a trust transition involved, either when the parent process was created, or during the creation of the child process.
</div><div class="para">
In C/C++, the environment should be constructed as an array of strings and passed as the <code class="varname">envp</code> argument to <code class="function">posix_spawn</code> or <code class="function">execve</code>. The functions <code class="function">setenv</code>, <code class="function">unsetenv</code> and <code class="function">putenv</code> should not be used. They are not thread-safe and suffer from memory leaks.
@@ -998,24 +1157,24 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
</div></li><li class="listitem"><div class="para">
The location-related environment variables <code class="envar">LANG</code>, <code class="envar">LANGUAGE</code>, <code class="envar">LC_ADDRESS</code>, <code class="envar">LC_ALL</code>, <code class="envar">LC_COLLATE</code>, <code class="envar">LC_CTYPE</code>, <code class="envar">LC_IDENTIFICATION</code>, <code class="envar">LC_MEASUREMENT</code>, <code class="envar">LC_MESSAGES</code>, <code class="envar">LC_MONETARY</code>, <code class="envar">LC_NAME</code>, <code class="envar">LC_NUMERIC</code>, <code class="envar">LC_PAPER</code>, <code class="envar">LC_TELEPHONE</code> and <code class="envar">LC_TIME</code> can be passed to the subprocess if present.
</div></li><li class="listitem"><div class="para">
- The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 9.1.5, “Passing secrets to subprocesses”</a>.)
+ The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 11.1.5, “Passing secrets to subprocesses”</a>.)
</div></li><li class="listitem"><div class="para">
All other environment variables should be dropped. Names for new environment variables should not be accepted from untrusted sources.
- </div></li></ul></div></div><div class="section" id="idm217619964880"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217619964880">9.1.4. Robust argument list processing</h3></div></div></div><div class="para">
- When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be check against embedded <code class="literal">NUL</code> characters because the system APIs will sliently truncate argument strings at the first <code class="literal">NUL</code> character.
+ </div></li></ul></div></div><div class="section" id="idm225449401040"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225449401040">11.1.4. Robust argument list processing</h3></div></div></div><div class="para">
+ When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be checked against embedded <code class="literal">NUL</code> characters because the system APIs will silently truncate argument strings at the first <code class="literal">NUL</code> character.
</div><div class="para">
The following recommendations assume that the program being invoked uses GNU-style option processing using <code class="function">getopt_long</code>. This convention is widely used, but it is just that, and individual programs might interpret a command line in a different way.
</div><div class="para">
If the untrusted data has to go into an option, use the <code class="literal">--option-name=VALUE</code> syntax, placing the option and its value into the same command line argument. This avoids any potential confusion if the data starts with <code class="literal">-</code>.
</div><div class="para">
For positional arguments, terminate the option list with a single <code class="option">--</code> marker after the last option, and include the data at the right position. The <code class="option">--</code> marker terminates option processing, and the data will not be treated as an option even if it starts with a dash.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
- The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>.)
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
+ The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>.)
</div><div class="important"><div class="admonition_header"><h2>Portability notice</h2></div><div class="admonition"><div class="para">
On some UNIX-like systems (notably Solaris), environment variables can be read by any system user, just like command lines.
</div></div></div><div class="para">
If the environment-based approach cannot be used due to portability concerns, the data can be passed on standard input. Some programs (notably <span class="application"><strong>gpg</strong></span>) use special file descriptors whose numbers are specified on the command line. Temporary files are an option as well, but they might give digital forensics access to sensitive data (such as passphrases) because it is difficult to safely delete them in all cases.
- </div></div></div><div class="section" id="idm217622868752"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217622868752">9.2. Handling child process termination</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225441023584"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225441023584">11.2. Handling child process termination</h2></div></div></div><div class="para">
When child processes terminate, the parent process is signalled. A stub of the terminated processes (a <span class="emphasis"><em>zombie</em></span>, shown as <code class="literal"><defunct></code> by <span class="application"><strong>ps</strong></span>) is kept around until the status information is collected (<span class="emphasis"><em>reaped</em></span>) by the parent process. Over the years, several interfaces for this have been invented:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The parent process calls <code class="function">wait</code>, <code class="function">waitpid</code>, <code class="function">waitid</code>, <code class="function">wait3</code> or <code class="function">wait4</code>, without specifying a process ID. This will deliver any matching process ID. This approach is typically used from within event loops.
@@ -1026,28 +1185,28 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
</div></li></ul></div><div class="para">
None of these approaches can be used to wait for child process terminated in a completely thread-safe manner. The parent process might execute an event loop in another thread, which could pick up the termination signal. This means that libraries typically cannot make free use of child processes (for example, to run problematic code with reduced privileges in a separate address space).
</div><div class="para">
- At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitpid</code>, and hope that the status is not collected by an event loop first.
- </div></div><div class="section" id="idm217625586384"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217625586384">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
+ At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitid</code>, and hope that the status is not collected by an event loop first.
+ </div></div><div class="section" id="idm225456597984"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
Programs can be marked in the file system to indicate to the kernel that a trust transition should happen if the program is run. The <code class="literal">SUID</code> file permission bit indicates that an executable should run with the effective user ID equal to the owner of the executable file. Similarly, with the <code class="literal">SGID</code> bit, the effective group ID is set to the group of the executable file.
</div><div class="para">
Linux supports <span class="emphasis"><em>fscaps</em></span>, which can grant additional capabilities to a process in a finer-grained manner. Additional mechanisms can be provided by loadable security modules.
</div><div class="para">
When such a trust transition has happened, the process runs in a potentially hostile environment. Additional care is necessary not to rely on any untrusted information. These concerns also apply to libraries which can be linked into such processes.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.3.1. Accessing environment variables</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.3.1. Accessing environment variables</h3></div></div></div><div class="para">
The following steps are required so that a program does not accidentally pick up untrusted data from environment variables.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Compile your C/C++ sources with <code class="literal">-D_GNU_SOURCE</code>. The Autoconf macro <code class="literal">AC_GNU_SOURCE</code> ensures this.
</div></li><li class="listitem"><div class="para">
Check for the presence of the <code class="function">secure_getenv</code> and <code class="function">__secure_getenv</code> function. The Autoconf directive <code class="literal">AC_CHECK_FUNCS([__secure_getenv secure_getenv])</code> performs these checks.
</div></li><li class="listitem"><div class="para">
- Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="#ex-Defensive_Coding-Tasks-secure_getenv">Example 9.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
+ Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="#ex-Defensive_Coding-Tasks-secure_getenv">Example 11.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
</div></li><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> instead of <code class="function">getenv</code> to obtain the value of critical environment variables. <code class="function">secure_getenv</code> will pretend the variable has not bee set if the process environment is not trusted.
</div></li></ul></div><div class="para">
Critical environment variables are debugging flags, configuration file locations, plug-in and log file locations, and anything else that might be used to bypass security restrictions or cause a privileged process to behave in an unexpected way.
</div><div class="para">
Either the <code class="function">secure_getenv</code> function or the <code class="function">__secure_getenv</code> is available from GNU libc.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 9.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 11.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
<span class="perl_Others">#include <stdlib.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span>
@@ -1059,7 +1218,7 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
<span class="perl_Others"></span><span class="perl_Others"># endif</span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#endif</span><span class="perl_Others"></span>
<span class="perl_Others"></span>
-</pre></div></div><br class="example-break" /></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. Daemons</h2></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Daemons</h2></div></div></div><div class="para">
Background processes providing system services (<span class="emphasis"><em>daemons</em></span>) need to decouple themselves from the controlling terminal and the parent process environment:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Fork.
@@ -1075,28 +1234,54 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Other aspects of the process environment may have to changed as well (environment variables, signal handler disposition).
</div><div class="para">
It is increasingly common that server processes do not run as background processes, but as regular foreground process under a supervising master process (such as <span class="application"><strong>systemd</strong></span>). Server processes should offer a command line option which disables forking and replacement of the standard output and standard error streams. Such an option is also useful for debugging.
- </div></div><div class="section" id="idm217626109008"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217626109008">9.5. Semantics of command line arguments</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225410763344"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225410763344">11.5. Semantics of command line arguments</h2></div></div></div><div class="para">
After process creation and option processing, it is up to the child process to interpret the arguments. Arguments can be file names, host names, or URLs, and many other things. URLs can refer to the local network, some server on the Internet, or to the local file system. Some applications even accept arbitrary code in arguments (for example, <span class="application"><strong>python</strong></span> with the <code class="option">-c</code> option).
</div><div class="para">
Similar concerns apply to environment variables, the contents of the current directory and its subdirectories.
</div><div class="para">
Consequently, careful analysis is required if it is safe to pass untrusted data to another program.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
A call to <code class="function">fork</code> which is not immediately followed by a call to <code class="function">execve</code> (perhaps after rearranging and closing file descriptors) is typically unsafe, especially from a library which does not control the state of the entire process. Such use of <code class="function">fork</code> should be replaced with proper child processes or threads.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm217619956912">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="#idm217645053984">10.3. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">10.4.
2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">10.4.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">10.4.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm217614300256">10.5. Protocol Encoders</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">1
2.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">12.5.7. Using Op
enJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
Protocol decoders and file format parsers are often the most-exposed part of an application because they are exposed with little or no user interaction and before any authentication and security checks are made. They are also difficult to write robustly in languages which are not memory-safe.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
For C and C++, the advice in <a class="xref" href="#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a> applies. In addition, avoid non-character pointers directly into input buffers. Pointer misalignment causes crashes on some architectures.
</div><div class="para">
When reading variable-sized objects, do not allocate large amounts of data solely based on the value of a size field. If possible, grow the data structure as more data is read from the source, and stop when no data is available. This helps to avoid denial-of-service attacks where little amounts of input data results in enormous memory allocations during decoding. Alternatively, you can impose reasonable bounds on memory allocations, but some protocols do not permit this.
- </div></div><div class="section" id="idm217619956912"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217619956912">10.2. Protocol design</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225454526272"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225454526272">12.2. Protocol design</h2></div></div></div><div class="para">
Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
- </div></div><div class="section" id="idm217645053984"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217645053984">10.3. Library support for deserialization</h2></div></div></div><div class="para">
+ </div><div class="para">
+ In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">Section 12.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. Fragmentation</h2></div></div></div><div class="para">
+ Some serialization formats use frames or protocol data units (PDUs) on lower levels which are smaller than the PDUs on higher levels. With such an architecture, higher-level PDUs may have to be <span class="emphasis"><em>fragmented</em></span> into smaller frames during serialization, and frames may need <span class="emphasis"><em>reassembly</em></span> into large PDUs during deserialization.
+ </div><div class="para">
+ Serialization formats may use conceptually similar structures for completely different purposes, for example storing multiple layers and color channels in a single image file.
+ </div><div class="para">
+ When fragmenting PDUs, establish a reasonable lower bound for the size of individual fragments (as large as possible—limits as low as one or even zero can add substantial overhead). Avoid fragmentation if at all possible, and try to obtain the maximum acceptable fragment length from a trusted data source.
+ </div><div class="para">
+ When implementing reassembly, consider the following aspects.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Avoid allocating significant amount of resources without proper authentication. Allocate memory for the unfragmented PDU as more and more and fragments are encountered, and not based on the initially advertised unfragmented PDU size, unless there is a sufficiently low limit on the unfragmented PDU size, so that over-allocation cannot lead to performance problems.
+ </div></li><li class="listitem"><div class="para">
+ Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 12.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
+ </div></li><li class="listitem"><div class="para">
+ Carefully keep track of which bytes in the unfragmented PDU have been covered by fragments so far. If message reordering is a concern, the most straightforward data structure for this is an array of bits, with one bit for every byte (or other atomic unit) in the unfragmented PDU. Complete reassembly can be determined by increasing a counter of set bits in the bit array as the bit array is updated, taking overlapping fragments into consideration.
+ </div></li><li class="listitem"><div class="para">
+ Reject overlapping fragments (that is, multiple fragments which provide data at the same offset of the PDU being fragmented), unless the protocol explicitly requires accepting overlapping fragments. The bit array used for tracking already arrived bytes can be used for this purpose.
+ </div></li><li class="listitem"><div class="para">
+ Check for conflicting values of unfragmented PDU lengths (if this length information is part of every fragment) and reject fragments which are inconsistent.
+ </div></li><li class="listitem"><div class="para">
+ Validate fragment lengths and offsets of individual fragments against the unfragmented PDU length (if they are present). Check that the last byte in the fragment does not lie after the end of the unfragmented PDU. Avoid integer overflows in these computations (see <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Fragment IDs</h3></div></div></div><div class="para">
+ If the underlying transport is datagram-oriented (so that PDUs can be reordered, duplicated or be lost, like with UDP), fragment reassembly needs to take into account endpoint addresses of the communication channel, and there has to be some sort of fragment ID which identifies the individual fragments as part of a larger PDU. In addition, the fragmentation protocol will typically involve fragment offsets and fragment lengths, as mentioned above.
+ </div><div class="para">
+ If the transport may be subject to blind PDU injection (again, like UDP), the fragment ID must be generated randomly. If the fragment ID is 64 bit or larger (strongly recommended), it can be generated in a completely random fashion for most traffic volumes. If it is less than 64 bits large (so that accidental collisions can happen if a lot of PDUs are transmitted), the fragment ID should be incremented sequentially from a starting value. The starting value should be derived using a HMAC-like construction from the endpoint addresses, using a long-lived random key. This construction ensures that despite the limited range of the ID, accidental collisions are as unlikely as possible. (This will not work reliable with really short fragment IDs, such as the 16 bit IDs used by the Internet Protocol.)
+ </div></div></div><div class="section" id="idm225453976880"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225453976880">12.4. Library support for deserialization</h2></div></div></div><div class="para">
For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The deserialization part comes in one of two flavors, depending on the library. The first kind uses type information in the data stream to control which objects are instantiated. The second kind uses type definitions supplied by the programmer. The first one allows arbitrary object instantiation, the second one generally does not.
</div><div class="para">
The following serialization frameworks are in the first category, are known to be unsafe, and must not be used for untrusted data:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Python's <span class="package">pickle</span> and <span class="package">cPickle</span> modules
+ Python's <span class="package">pickle</span> and <span class="package">cPickle</span> modules, and wrappers such as <span class="package">shelve</span>
</div></li><li class="listitem"><div class="para">
Perl's <span class="package">Storable</span> package
</div></li><li class="listitem"><div class="para">
@@ -1109,9 +1294,9 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
When using a type-directed deserialization format where the types of the deserialized objects are specified by the programmer, make sure that the objects which can be instantiated cannot perform any destructive actions in their destructors, even when the data members have been manipulated.
</div><div class="para">
In general, JSON decoders do not suffer from this problem. But you must not use the <code class="function">eval</code> function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. XML serialization</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.5. XML serialization</h2></div></div></div><div class="para">
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.1. External references</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.1. External references</h3></div></div></div><div class="para">
XML documents can contain external references. They can occur in various places.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
In the DTD declaration in the header of an XML document:
@@ -1137,21 +1322,21 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
Originally, these external references were intended as unique identifiers, but by many XML implementations, they are used for locating the data for the referenced element. This causes unwanted network traffic, and may disclose file system contents or otherwise unreachable network resources, so this functionality should be disabled.
</div><div class="para">
Depending on the XML library, external referenced might be processed not just when parsing XML, but also when generating it.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.2. Entity expansion</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.2. Entity expansion</h3></div></div></div><div class="para">
When external DTD processing is disabled, an internal DTD subset can still contain entity definitions. Entity declarations can reference other entities. Some XML libraries expand entities automatically, and this processing cannot be switched off in some places (such as attribute values or content models). Without limits on the entity nesting level, this expansion results in data which can grow exponentially in length with size of the input. (If there is a limit on the nesting level, the growth is still polynomial, unless further limits are imposed.)
</div><div class="para">
Consequently, the processing internal DTD subsets should be disabled if possible, and only trusted DTDs should be processed. If a particular XML application does not permit such restrictions, then application-specific limits are called for.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.3. XInclude processing</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.3. XInclude processing</h3></div></div></div><div class="para">
XInclude processing can reference file and network resources and include them into the document, much like external entity references. When parsing untrusted XML documents, XInclude processing should be truned off.
</div><div class="para">
XInclude processing is also fairly complex and may pull in support for the XPointer and XPath specifications, considerably increasing the amount of code required for XML processing.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
DTD-based XML validation uses regular expressions for content models. The XML specification requires that content models are deterministic, which means that efficient validation is possible. However, some implementations do not enforce determinism, and require exponential (or just polynomial) amount of space or time for validating some DTD/document combinations.
</div><div class="para">
XML schemas and RELAX NG (via the <code class="literal">xsd:</code> prefix) directly support textual regular expressions which are not required to be deterministic.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
- By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 10.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 10.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
+ By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 12.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 12.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Stop the parser when an entity declaration is encountered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">static</span> <span class="perl_DataType">void</span>
EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
@@ -1163,8 +1348,8 @@ EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
XML_StopParser((XML_Parser)userData, XML_FALSE);
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 10.2, “Creating an Expat XML parser”</a>).
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 10.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 12.2, “Creating an Expat XML parser”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 12.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Keyword">if</span> (parser == NULL) {
fprintf(stderr, <span class="perl_String">"XML_ParserCreate failed</span><span class="perl_Char">\n</span><span class="perl_String">"</span>);
@@ -1178,11 +1363,11 @@ XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Comment"></span>XML_SetEntityDeclHandler(parser, EntityDeclHandler);
</pre></div></div><br class="example-break" /><div class="para">
It is also possible to reject internal DTD subsets altogeher, using a suitable <code class="literal">XML_StartDoctypeDeclHandler</code> handler installed with <code class="function">XML_SetDoctypeDeclHandler</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. Internal entities are processed, though. To change that, a custom <code class="literal">QXmlDeclHandler</code> and <code class="literal">QXmlSimpleReader</code> subclasses are needed. It is not possible to use the <code class="function">QDomDocument::setContent(const QByteArray &)</code> convenience methods.
</div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 10.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 10.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 12.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 12.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityHandler : public QXmlDeclHandler {
public:
bool attributeDecl(<span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&,
@@ -1220,8 +1405,8 @@ NoEntityHandler::errorString() <span class="perl_DataType">const</span>
<span class="perl_Keyword">return</span> <span class="perl_String">"XML declaration not permitted"</span>;
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 10.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 10.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 12.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 12.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityReader : public QXmlSimpleReader {
NoEntityHandler handler;
public:
@@ -1242,8 +1427,8 @@ NoEntityReader::setDeclHandler(QXmlDeclHandler *)
<span class="perl_Comment">// Ignore the handler which was passed in.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>}
</pre></div></div><br class="example-break" /><div class="para">
- Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 10.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 10.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 12.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 12.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
NoEntityReader reader;
QBuffer buffer(&data);
buffer.open(QIODevice::ReadOnly);
@@ -1254,13 +1439,13 @@ QString errorMsg;
<span class="perl_DataType">int</span> errorColumn;
bool okay = doc.setContent
(&source, &reader, &errorMsg, &errorLine, &errorColumn);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based document parsing. Documents can be validated against DTDs or XML schemas.
</div><div class="para">
- The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">Section 10.4.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
+ The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">Section 12.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
</div><div class="para">
In the following sections, we use helper classes to prevent external ID resolution.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 10.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 12.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoEntityResolver <span class="perl_Keyword">implements</span> EntityResolver {
@Override
<span class="perl_Keyword">public</span> InputSource <span class="perl_Function">resolveEntity</span>(String publicId, String systemId)
@@ -1270,7 +1455,7 @@ bool okay = doc.setContent
<span class="perl_Function"></span> <span class="perl_String">"attempt to resolve </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String"> </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String">"</span>, publicId, systemId));
}
}
-</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 10.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 12.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoResourceResolver <span class="perl_Keyword">implements</span> LSResourceResolver {
@Override
<span class="perl_Keyword">public</span> LSInput <span class="perl_Function">resolveResource</span>(String type, String namespaceURI,
@@ -1283,8 +1468,8 @@ bool okay = doc.setContent
}
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 10.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 10.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 12.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 12.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> javax.xml.XMLConstants;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilder;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilderFactory;
@@ -1306,9 +1491,9 @@ bool okay = doc.setContent
<span class="perl_Keyword">import</span> org.xml.sax.SAXException;
<span class="perl_Keyword">import</span> org.xml.sax.SAXParseException;
<span class="perl_Keyword">import org.xml.sax.XMLReader;</span>
-</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
- This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 10.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 10.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
+ This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 12.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
DocumentBuilderFactory factory = DocumentBuilderFactory.<span class="perl_Function">newInstance</span>();
<span class="perl_Comment">// Impose restrictions on the complexity of the DTD.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>factory.<span class="perl_Function">setFeature</span>(XMLConstants.<span class="perl_Function">FEATURE_SECURE_PROCESSING</span>, <span class="perl_Keyword">true</span>);
@@ -1323,12 +1508,12 @@ builder.<span class="perl_Function">setEntityResolver</span>(<span class="perl_K
builder.<span class="perl_Function">setErrorHandler</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">Errors</span>());
Document document = builder.<span class="perl_Function">parse</span>(inputStream);
</pre></div></div><br class="example-break" /><div class="para">
- External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 10.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
+ External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 12.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
</div><div class="para">
To validate the document against an external DTD, use a <code class="literal">javax.xml.transform.Transformer</code> class to add the DTD reference to the document, and an entity resolver which whitelists this external reference.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 10.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 10.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 12.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 12.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -1350,10 +1535,10 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> SAXSource(<span class="perl_Keyword">new</span> InputSource(inputStream)));
</pre></div></div><br class="example-break" /><div class="para">
- The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 10.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
+ The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 12.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
</div><div class="para">
- If you need to validate a document against an XML schema, use the code in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 10.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 10.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 10.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you need to validate a document against an XML schema, use the code in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 12.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 12.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -1371,17 +1556,17 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
<span class="perl_Comment">// This prevents external resource resolution.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>validator.<span class="perl_Function">setResourceResolver</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">NoResourceResolver</span>());
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> DOMSource(document));
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure.
</div><div class="para">
- The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 10.3, “Library support for deserialization”</a>.
- </div></div></div></div><div class="section" id="idm217614300256"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217614300256">10.5. Protocol Encoders</h2></div></div></div><div class="para">
+ The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>.
+ </div></div></div></div><div class="section" id="idm225461438784"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461438784">12.6. Protocol Encoders</h2></div></div></div><div class="para">
For protocol encoders, you should write bytes to a buffer which grows as needed, using an exponential sizing policy. Explicit lengths can be patched in later, once they are known. Allocating the required number of bytes upfront typically requires separate code to compute the final size, which must be kept in sync with the actual encoding step, or vulnerabilities may result. In multi-threaded code, parts of the object being deserialized might change, so that the computed size is out of date.
</div><div class="para">
You should avoid copying data directly from a received packet during encoding, disregarding the format. Propagating malformed data could enable attacks on other recipients of that data.
</div><div class="para">
When using C or C++ and copying whole data structures directly into the output, make sure that you do not leak information in padding bytes between fields or at the end of the <code class="literal">struct</code>.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm217608525920">11.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm217628358944">11.2. Randomness</a></span></dt></dl></div><div class="section" id="idm217608525920"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217608525920">11.1. Primitives</h2></div></div></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225439624448"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225439624448">13.1. Primitives</h2></div></div></div><div class="para">
Choosing from the following cryptographic primitives is recommended:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
RSA with 2048 bit keys and OAEP
@@ -1410,8 +1595,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
HMAC-MD5
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 13, <em>Transport Layer Security</em></a>).
- </div></div></div></div><div class="section" id="idm217628358944"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217628358944">11.2. Randomness</h2></div></div></div><div class="para">
+ These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 16, <em>Transport Layer Security</em></a>).
+ </div></div></div></div><div class="section" id="idm225469447536"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225469447536">13.2. Randomness</h2></div></div></div><div class="para">
The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
@@ -1433,7 +1618,77 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Other sources of randomness should be considered predictable.
</div><div class="para">
Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
- </div></div></div></div><div class="part" id="idm217604414304"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">12. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">12.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt>
<span class="chapter"><a href="#chap-Defensive_Coding-TLS">13. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm217604048736">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-C
lient-GNUTLS">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">12.2. Host-based au
thentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Authenticating servers</h2></div></div></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
+ This chapter deals with security-related concerns around RPM packaging. It has to be read in conjunction with distribution-specific packaging guidelines.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
+ Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">Section 14.2, “Generating X.509 self-signed certificates before service start”</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The way the key is generated may not be suitable for key material of critical value. (<code class="command">openssl genrsa</code> uses, but does not require, entropy from a physical source of randomness, among other things.) Such keys should be stored in a hardware security module if possible, and generated from random bits reserved for this purpose derived from a non-deterministic physical source.
+ </div></div></div><div class="para">
+ In the spec file, we define two RPM variables which contain the names of the files used to store the private and public key, and the user name for the service:
+ </div><div class="informalexample"><pre class="programlisting">
+<span class="perl_Comment"># Name of the user owning the file with the private key</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span><span class="perl_String">%define</span> tlsuser <span class="perl_String">%</span><span class="perl_Keyword">{name}</span>
+<span class="perl_Comment"># Name of the directory which contains the key and certificate files</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span><span class="perl_String">%define</span> tlsdir <span class="perl_String">%</span><span class="perl_Keyword">{_sysconfdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>
+<span class="perl_String">%define</span> tlskey <span class="perl_String">%</span><span class="perl_Keyword">{tlsdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>.key
+<span class="perl_String">%define</span> tlscert <span class="perl_String">%</span><span class="perl_Keyword">{tlsdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>.crt
+</pre></div><div class="para">
+ These variables likely need adjustment based on the needs of the package.
+ </div><div class="para">
+ Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 14.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 14.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
+%post
+<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_BString">su</span> -s /bin/bash \
+ -c <span class="perl_String">"umask 077 && openssl genrsa -out %{tlskey} 2048 2>/dev/null"</span> \
+ %<span class="perl_DataType">{tlsuser}</span>
+ <span class="perl_Keyword">fi</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlscert}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Others">cn=</span><span class="perl_String">"Automatically generated certificate for the %{tlsuser} service"</span>
+ <span class="perl_Others">req_args=</span><span class="perl_String">"-key %{tlskey} -out %{tlscert} -days 7305 -subj </span><span class="perl_DataType">\"</span><span class="perl_String">/CN=</span><span class="perl_Others">$cn</span><span class="perl_String">/</span><span class="perl_DataType">\"</span><span class="perl_String">"</span>
+ <span class="perl_BString">su</span> -s /bin/bash \
+ -c <span class="perl_String">"openssl req -new -x509 -extensions usr_cert </span><span class="perl_Others">$req_args</span><span class="perl_String">"</span> \
+ %<span class="perl_DataType">{tlsuser}</span>
+ <span class="perl_Keyword">fi</span>
+<span class="perl_Keyword">fi</span>
+
+%files
+%<span class="perl_BString">dir</span> %attr<span class="perl_Keyword">(</span>0755,%<span class="perl_DataType">{tlsuser}</span>,%{tlsuser]<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlsdir}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0600,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlskey}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0644,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ The files containing the key material are marked as ghost configuration files. This ensures that they are tracked in the RPM database as associated with the package, but RPM will not create them when the package is installed and not verify their contents (the <code class="literal">%ghost</code>), or delete the files when the package is uninstalled (the <code class="literal">%config(noreplace)</code> part).
+ </div><div class="para">
+ If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 14.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 14.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
+%post
+<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">(</span><span class="perl_Reserved">umask</span> 077 <span class="perl_Keyword">&&</span> openssl genrsa -out %<span class="perl_DataType">{tlskey}</span> 2048 <span class="perl_Operator">2></span>/dev/null<span class="perl_Keyword">)</span>
+ <span class="perl_BString">chown</span> %<span class="perl_DataType">{tlsuser}</span> %<span class="perl_DataType">{tlskey}</span>
+ <span class="perl_Keyword">fi</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlscert}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Others">cn=</span><span class="perl_String">"Automatically generated certificate for the %{tlsuser} service"</span>
+ openssl req -new -x509 -extensions usr_cert \
+ -key %<span class="perl_DataType">{tlskey}</span> -out %<span class="perl_DataType">{tlscert}</span> -days 7305 -subj <span class="perl_String">"/CN=</span><span class="perl_Others">$cn</span><span class="perl_String">/"</span>
+ <span class="perl_Keyword">fi</span>
+<span class="perl_Keyword">fi</span>
+
+%files
+%<span class="perl_BString">dir</span> %attr<span class="perl_Keyword">(</span>0755,root,root]<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlsdir}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0600,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlskey}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0644,root,root<span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ In order for this to work, the package which generates the keys must require the <span class="application"><strong>openssl</strong></span> package. If the user which owns the key file is generated by a different package, the package generating the certificate must specify a <code class="literal">Requires(pre):</code> on the package which creates the user. This ensures that the user account will exist when it is needed for the <span class="application"><strong>su</strong></span> or <span class="application"><strong>chmod</strong></span> invocation.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
+ An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The caveats about the way the key is generated in <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
+ </div></div></div><div class="para">
+ Generating key material before service start may happen very early during boot, when the kernel randomness pool has not yet been initialized. Currently, the only way to check for the initialization is to look for the kernel message <code class="literal">random: nonblocking pool is initialized</code>. In theory, it is also possible to read from <code class="filename">/dev/random</code> while generating the key material (instead of <code class="filename">/dev/urandom</code>), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience.
+ </div></div></div></div><div class="part" id="idm225439368352"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt>
<span class="chapter"><a href="#chap-Defensive_Coding-TLS">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-C
lient-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based au
thentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Authenticating servers</h2></div></div></div><div class="para">
When connecting to a server, a client has to make sure that it is actually talking to the server it expects. There are two different aspects, securing the network path, and making sure that the expected user runs the process on the target host. There are several ways to ensure that:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The server uses a TLS certificate which is valid according to the web browser public key infrastructure, and the client verifies the certificate and the host name.
@@ -1444,10 +1699,10 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
Port numbers less than 1024 (<span class="emphasis"><em>trusted ports</em></span>) can only be used by <code class="literal">root</code>, so if a UDP or TCP server is running on the local host and it uses a trusted port, its identity is assured. (Not all operating systems enforce the trusted ports concept, and the network might not be trusted, so it is only useful on the local system.)
</div></li></ul></div><div class="para">
- TLS (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 13, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
+ TLS (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 16, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
</div><div class="para">
If the server port number is 1024 is higher, a local user can impersonate the process by binding to this socket, perhaps after crashing the real server by exploiting a denial-of-service vulnerability.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.2. Host-based authentication</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Host-based authentication</h2></div></div></div><div class="para">
Host-based authentication uses access control lists (ACLs) to accept or deny requests from clients. Thsis authentication method comes in two flavors: IP-based (or, more generally, address-based) and name-based (with the name coming from DNS or <code class="filename">/etc/hosts</code>). IP-based ACLs often use prefix notation to extend access to entire subnets. Name-based ACLs sometimes use wildcards for adding groups of hosts (from entire DNS subtrees). (In the SSH context, host-based authentication means something completely different and is not covered in this section.)
</div><div class="para">
Host-based authentication trust the network and may not offer sufficient granularity, so it has to be considered a weak form of authentication. On the other hand, IP-based authentication can be made extremely robust and can be applied very early in input processing, so it offers an opportunity for significantly reducing the number of potential attackers for many services.
@@ -1459,7 +1714,7 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Similarly, if an address or name is not matched by the list, it should be denied. However, many implementations behave differently, so the actual behavior must be documented properly.
</div><div class="para">
IPv6 addresses can embed IPv4 addresses. There is no universally correct way to deal with this ambiguity. The behavior of the ACL implementation should be documented.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
UNIX domain sockets (with address family <code class="literal">AF_UNIX</code> or <code class="literal">AF_LOCAL</code>) are restricted to the local host and offer a special authentication mechanism: credentials passing.
</div><div class="para">
Nowadays, most systems support the <code class="literal">SO_PEERCRED</code> (Linux) or <code class="literal">LOCAL_PEERCRED</code> (FreeBSD) socket options, or the <code class="function">getpeereid</code> (other BSDs, MacOS X). These interfaces provide direct access to the (effective) user ID on the other end of a domain socket connect, without cooperation from the other end.
@@ -1467,15 +1722,15 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Historically, credentials passing was implemented using ancillary data in the <code class="function">sendmsg</code> and <code class="function">recvmsg</code> functions. On some systems, only credentials data that the peer has explicitly sent can be received, and the kernel checks the data for correctness on the sending side. This means that both peers need to deal with ancillary data. Compared to that, the modern interfaces are easier to use. Both sets of interfaces vary considerably among UNIX-like systems, unfortunately.
</div><div class="para">
If you want to authenticate based on supplementary groups, you should obtain the user ID using one of these methods, and look up the list of supplementary groups using <code class="function">getpwuid</code> (or <code class="function">getpwuid_r</code>) and <code class="function">getgrouplist</code>. Using the PID and information from <code class="filename">/proc/PID/status</code> is prone to race conditions and insecure.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
Netlink messages are used as a high-performance data transfer mechanism between the kernel and the userspace. Traditionally, they are used to exchange information related to the network statck, such as routing table entries.
</div><div class="para">
When processing Netlink messages from the kernel, it is important to check that these messages actually originate from the kernel, by checking that the port ID (or PID) field <code class="literal">nl_pid</code> in the <code class="literal">sockaddr_nl</code> structure is <code class="literal">0</code>. (This structure can be obtained using <code class="function">recvfrom</code> or <code class="function">recvmsg</code>, it is different from the <code class="literal">nlmsghdr</code> structure.) The kernel does not prevent other processes from sending unicast Netlink messages, but the <code class="literal">nl_pid</code> field in the sender's socket address will be non-zero in such cases.
</div><div class="para">
Applications should not use <code class="literal">AF_NETLINK</code> sockets as an IPC mechanism among processes, but prefer UNIX domain sockets for this tasks.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm2176
04048736">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm2254
59421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="para">
Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and confidentiality while data is transferred over an untrusted network connection, and to identify the endpoint.
- </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.1. Common Pitfalls</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Common Pitfalls</h2></div></div></div><div class="para">
TLS implementations are difficult to use, and most of them lack a clean API design. The following sections contain implementation-specific advice, and some generic pitfalls are mentioned below.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Most TLS implementations have questionable default TLS cipher suites. Most of them enable anonymous Diffie-Hellman key exchange (but we generally want servers to authenticate themselves). Many do not disable ciphers which are subject to brute-force attacks because of restricted key lengths. Some even disable all variants of AES in the default configuration.
@@ -1485,7 +1740,7 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
The name which is used in certificate validation must match the name provided by the user or configuration file. No host name canonicalization or IP address lookup must be performed.
</div></li><li class="listitem"><div class="para">
The TLS handshake has very poor performance if the TCP Nagle algorithm is active. You should switch on the <code class="literal">TCP_NODELAY</code> socket option (at least for the duration of the handshake), or use the Linux-specific <code class="literal">TCP_CORK</code> option.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 13.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 16.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">int</span> val = <span class="perl_Float">1</span>;
<span class="perl_DataType">int</span> ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, <span class="perl_Keyword">sizeof</span>(val));
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -1499,8 +1754,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
When implementing a server using event-driven programming, it is important to handle the TLS handshake properly because it includes multiple network round-trips which can block when an ordinary TCP <code class="function">accept</code> would not. Otherwise, a client which fails to complete the TLS handshake for some reason will prevent the server from handling input from other clients.
</div></li><li class="listitem"><div class="para">
- Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">Section 9.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
+ Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">Section 11.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
Some OpenSSL function use <span class="emphasis"><em>tri-state return values</em></span>. Correct error checking is extremely important. Several functions return <code class="literal">int</code> values with the following meaning:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The value <code class="literal">1</code> indicates success (for example, a successful signature verification).
@@ -1511,8 +1766,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li></ul></div><div class="para">
Treating such tri-state return values as booleans can lead to security vulnerabilities. Note that some OpenSSL functions return boolean results or yet another set of status indicators. Each function needs to be checked individually.
</div><div class="para">
- Recovering precise error information is difficult. <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 13.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 13.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Recovering precise error information is difficult. <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 16.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">static</span> <span class="perl_DataType">void</span> __attribute__((noreturn))
ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *op, <span class="perl_DataType">int</span> ret)
{
@@ -1547,10 +1802,12 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
</div><div class="para">
The command line tools do not always indicate failure in the exit status of the <span class="application"><strong>openssl</strong></span> process. For instance, a verification failure in <code class="command">openssl verify</code> result in an exit status of zero.
</div><div class="para">
+ OpenSSL command-line commands, such as <code class="command">openssl genrsa</code>, do not ensure that physical entropy is used for key generation—they obtain entropy from <code class="filename">/dev/urandom</code> and other sources, but not from <code class="filename">/dev/random</code>. This can result in weak keys if the system lacks a proper entropy source (e.g., a virtual machine with solid state storage). Depending on local policies, keys generated by these OpenSSL tools should not be used in high-value, critical functions.
+ </div><div class="para">
The OpenSSL server and client applications (<code class="command">openssl s_client</code> and <code class="command">openssl s_server</code>) are debugging tools and should <span class="emphasis"><em>never</em></span> be used as generic clients. For instance, the <span class="application"><strong>s_client</strong></span> tool reacts in a surprisign way to lines starting with <code class="literal">R</code> and <code class="literal">Q</code>.
</div><div class="para">
OpenSSL allows application code to access private key material over documented interfaces. This can significantly increase the part of the code base which has to undergo security certification.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
<code class="filename">libgnutls.so.26</code> links to <code class="filename">libpthread.so.0</code>. Loading the threading library too late causes problems, so the main program should be linked with <code class="literal">-lpthread</code> as well. As a result, it can be difficult to use GNUTLS in a plugin which is loaded with the <code class="function">dlopen</code> function. Another side effect is that applications which merely link against GNUTLS (even without actually using it) may incur a substantial overhead because other libraries automatically switch to thread-safe algorithms.
</div><div class="para">
The <code class="function">gnutls_global_init</code> function must be called before using any functionality provided by the library. This function is not thread-safe, so external locking is required, but it is not clear which lock should be used. Omitting the synchronization does not just lead to a memory leak, as it is suggested in the GNUTLS documentation, but to undefined behavior because there is no barrier that would enforce memory ordering.
@@ -1558,19 +1815,19 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The <code class="function">gnutls_global_deinit</code> function does not actually deallocate all resources allocated by <code class="function">gnutls_global_init</code>. It is currently not thread-safe. Therefore, it is best to avoid calling it altogether.
</div><div class="para">
The X.509 implementation in GNUTLS is rather lenient. For example, it is possible to create and process X.509 version 1 certificates which carry extensions. These certificates are (correctly) rejected by other implementations.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
The Java cryptographic framework is highly modular. As a result, when you request an object implementing some cryptographic functionality, you cannot be completely sure that you end up with the well-tested, reviewed implementation in OpenJDK.
</div><div class="para">
OpenJDK (in the source code as published by Oracle) and other implementations of the Java platform require that the system administrator has installed so-called <span class="emphasis"><em>unlimited strength jurisdiction policy files</em></span>. Without this step, it is not possible to use the secure algorithms which offer sufficient cryptographic strength. Most downstream redistributors of OpenJDK remove this requirement.
</div><div class="para">
Some versions of OpenJDK use <code class="filename">/dev/random</code> as the randomness source for nonces and other random data which is needed for TLS operation, but does not actually require physical randomness. As a result, TLS applications can block, waiting for more bits to become available in <code class="filename">/dev/random</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
NSS was not designed to be used by other libraries which can be linked into applications without modifying them. There is a lot of global state. There does not seem to be a way to perform required NSS initialization without race conditions.
</div><div class="para">
If the NSPR descriptor is in an unexpected state, the <code class="function">SSL_ForceHandshake</code> function can succeed, but no TLS handshake takes place, the peer is not authenticated, and subsequent data is exchanged in the clear.
</div><div class="para">
NSS disables itself if it detects that the process underwent a <code class="function">fork</code> after the library has been initialized. This behavior is required by the PKCS#11 API specification.
- </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.2. TLS Clients</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. TLS Clients</h2></div></div></div><div class="para">
Secure use of TLS in a client generally involves all of the following steps. (Individual instructions for specific TLS implementations follow in the next sections.)
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The client must configure the TLS library to use a set of trusted root certificates. These certificates are provided by the system in <code class="filename">/etc/ssl/certs</code> or files derived from it.
@@ -1586,11 +1843,11 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
It is safe to provide users detailed diagnostics on certificate validation failures. Other causes of handshake failures and, generally speaking, any details on other errors reported by the TLS implementation (particularly exception tracebacks), must not be divulged in ways that make them accessible to potential attackers. Otherwise, it is possible to create decryption oracles.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Depending on the application, revocation checking (against certificate revocations lists or via OCSP) and session resumption are important aspects of production-quality client. These aspects are not yet covered.
- </div></div></div><div class="section" id="idm217604048736"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217604048736">13.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225459421792"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
In the following code, the error handling is only exploratory. Proper error handling is required for production use, especially in libraries.
</div><div class="para">
- The OpenSSL library needs explicit initialization (see <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 13.3, “OpenSSL library initialization”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 13.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The OpenSSL library needs explicit initialization (see <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 16.3, “OpenSSL library initialization”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 16.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// The following call prints an error message and calls exit() if</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// the OpenSSL configuration file is unreadable.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>OPENSSL_config(NULL);
@@ -1599,8 +1856,8 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
<span class="perl_Comment">// Register ciphers.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL_library_init();
</pre></div></div><br class="example-break" /><div class="para">
- After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 13.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 13.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 16.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Configure a client connection context. Send a hendshake for the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// highest supported TLS version, and disable compression.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">const</span> SSL_METHOD *<span class="perl_DataType">const</span> req_method = SSLv23_client_method();
@@ -1669,12 +1926,12 @@ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
</pre></div></div><br class="example-break" /><div class="para">
A single context object can be used to create multiple connection objects. It is safe to use the same <code class="literal">SSL_CTX</code> object for creating connections concurrently from multiple threads, provided that the <code class="literal">SSL_CTX</code> object is not modified (e.g., callbacks must not be changed).
</div><div class="para">
- After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 13.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 13.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 13.2, “Obtaining OpenSSL error codes”</a> is called.
+ After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> is called.
</div><div class="para">
The <code class="function">certificate_validity_override</code> function provides an opportunity to override the validity of the certificate in case the OpenSSL check fails. If such functionality is not required, the call can be removed, otherwise, the application developer has to implement it.
</div><div class="para">
The host name passed to the functions <code class="function">SSL_set_tlsext_host_name</code> and <code class="function">X509_check_host</code> must be the name that was passed to <code class="function">getaddrinfo</code> or a similar name resolution function. No host name canonicalization must be performed. The <code class="function">X509_check_host</code> function used in the final step for host name matching is currently only implemented in OpenSSL 1.1, which is not released yet. In case host name matching fails, the function <code class="function">certificate_host_name_override</code> is called. This function should check user-specific certificate store, to allow a connection even if the host name does not match the certificate. This function has to be provided by the application developer. Note that the override must be keyed by both the certificate <span class="emphasis"><em>and</em></span> the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 13.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 16.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the connection object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL *ssl = SSL_new(ctx);
<span class="perl_Keyword">if</span> (ssl == NULL) {
@@ -1725,8 +1982,8 @@ SSL_set_fd(ssl, sockfd);
X509_free(peercert);
</pre></div></div><br class="example-break" /><div class="para">
- The connection object can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 13.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 13.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The connection object can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 16.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 16.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> req = <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>;
<span class="perl_Keyword">if</span> (SSL_write(ssl, req, strlen(req)) < 0) {
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_write"</span>, ret);
@@ -1737,8 +1994,8 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_read"</span>, ret);
}
</pre></div></div><br class="example-break" /><div class="para">
- When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 13.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 13.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 16.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 16.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send the close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = SSL_shutdown(ssl);
<span class="perl_Keyword">switch</span> (ret) {
@@ -1764,20 +2021,20 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
SSL_free(ssl);
close(sockfd);
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 13.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 13.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 16.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 16.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSL_CTX_free(ctx);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
This section describes how to implement a TLS client with full certificate validation (but without certificate revocation checking). Note that the error handling in is only exploratory and needs to be replaced before production use.
</div><div class="para">
The GNUTLS library needs explicit initialization:
</div><div class="informalexample" id="ex-Defensive_Coding-TLS-GNUTLS-Init"><pre xml:lang="en-US" class="programlisting" lang="en-US">
gnutls_global_init();
</pre></div><div class="para">
- Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 13.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
+ Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 16.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
</div><div class="para">
- Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 13.9, “Initializing a GNUTLS credentials structure”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 13.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 16.9, “Initializing a GNUTLS credentials structure”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 16.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Load the trusted CA certificates.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_certificate_credentials_t cred = NULL;
<span class="perl_DataType">int</span> ret = gnutls_certificate_allocate_credentials (&cred);
@@ -1808,8 +2065,8 @@ gnutls_certificate_free_credentials(cred);
</pre></div><div class="para">
During its lifetime, the credentials object can be used to initialize TLS session objects from multiple threads, provided that it is not changed.
</div><div class="para">
- Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 13.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 13.10, “Establishing a TLS client connection using GNUTLS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 13.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 16.10, “Establishing a TLS client connection using GNUTLS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 16.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_session_t session;
ret = gnutls_init(&session, GNUTLS_CLIENT);
@@ -1855,8 +2112,8 @@ ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS,
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 13.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 13.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 16.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 16.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Obtain the server certificate chain. The server certificate</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// itself is stored in the first element of the array.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">unsigned</span> certslen = 0;
@@ -1894,8 +2151,8 @@ ret = gnutls_certificate_verify_peers2(session, &status);
}
}
</pre></div></div><br class="example-break" /><div class="para">
- In the next step (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 13.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 13.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the next step (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 16.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 16.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Match the peer certificate against the host name.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// We can only obtain a set of DER-encoded certificates from the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// session object, so we have to re-parse the peer certificate into</span><span class="perl_Comment"></span>
@@ -1923,8 +2180,8 @@ gnutls_x509_crt_deinit(cert);
</pre></div></div><br class="example-break" /><div class="para">
In newer GNUTLS versions, certificate checking and host name validation can be combined using the <code class="function">gnutls_certificate_verify_peers3</code> function.
</div><div class="para">
- An established TLS session can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 13.13, “Using a GNUTLS session”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 13.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ An established TLS session can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 16.13, “Using a GNUTLS session”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 16.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
ret = gnutls_record_send(session, buf, strlen(buf));
@@ -1938,8 +2195,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 13.14, “Using a GNUTLS session”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 13.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 16.14, “Using a GNUTLS session”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 16.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Initiate an orderly connection shutdown.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -1948,7 +2205,7 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
<span class="perl_Comment">// Free the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_deinit(session);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
The examples below use the following cryptographic-related classes:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> java.security.NoSuchAlgorithmException;
@@ -1966,8 +2223,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
</pre></div><div class="para">
If compatibility with OpenJDK 6 is required, it is necessary to use the internal class <code class="literal">sun.security.util.HostnameChecker</code>. (The public OpenJDK API does not provide any support for dissecting the subject distinguished name of an X.509 certificate, so a custom-written DER parser is needed—or we have to use an internal class, which we do below.) In OpenJDK 7, the <code class="function">setEndpointIdentificationAlgorithm</code> method was added to the <code class="literal">javax.net.ssl.SSLParameters</code> class, providing an official way to implement host name checking.
</div><div class="para">
- TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 13.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 13.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 16.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 16.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the context. Specify the SunJSSE provider to avoid</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// picking up third-party providers. Try the TLS 1.2 provider</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// first, then fall back to TLS 1.0.</span><span class="perl_Comment"></span>
@@ -1989,8 +2246,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>);
</pre></div></div><br class="example-break" /><div class="para">
- In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 13.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 13.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 16.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 16.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Prepare TLS parameters. These have to applied to every TLS</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// socket before the handshake is triggered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLParameters params = ctx.<span class="perl_Function">getDefaultSSLParameters</span>();
@@ -2019,8 +2276,8 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div><div class="para">
All application protocols can use the <code class="literal">"HTTPS"</code> algorithm. (The algorithms have minor differences with regard to wildcard handling, which should not matter in practice.)
</div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 13.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 13.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 16.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 16.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the socket and connect it at the TCP layer.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLSocket socket = (SSLSocket) ctx.<span class="perl_Function">getSocketFactory</span>()
.<span class="perl_Function">createSocket</span>(host, port);
@@ -2044,18 +2301,18 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div></div><br class="example-break" /><div class="para">
Starting with OpenJDK 7, the last lines can be omitted, provided that host name verification has been enabled by calling the <code class="function">setEndpointIdentificationAlgorithm</code> method on the <code class="literal">params</code> object (before it was applied to the socket).
</div><div class="para">
- The TLS socket can be used as a regular socket, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 13.18, “Using a TLS client socket in OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 13.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The TLS socket can be used as a regular socket, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 16.18, “Using a TLS client socket in OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 16.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
socket.<span class="perl_Function">getOutputStream</span>().<span class="perl_Function">write</span>(<span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>
.<span class="perl_Function">getBytes</span>(Charset.<span class="perl_Function">forName</span>(<span class="perl_String">"UTF-8"</span>)));
<span class="perl_DataType">byte</span>[] buffer = <span class="perl_Keyword">new</span> <span class="perl_DataType">byte</span>[<span class="perl_Float">4096</span>];
<span class="perl_DataType">int</span> count = socket.<span class="perl_Function">getInputStream</span>().<span class="perl_Function">read</span>(buffer);
System.<span class="perl_Function">out</span>.<span class="perl_Function">write</span>(buffer, <span class="perl_Float">0</span>, count);
-</pre></div></div><br class="example-break" /><div class="section" id="idm217647167504"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217647167504">13.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /><div class="section" id="idm225470349680"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470349680">16.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
Overriding certificate validation requires a custom trust manager. With OpenJDK 6, the trust manager lacks information about the TLS session, and to which server the connection is made. Certificate overrides have to be tied to specific servers (host names). Consequently, different <code class="literal">TrustManager</code> and <code class="literal">SSLContext</code> objects have to be used for different servers.
</div><div class="para">
- In the trust manager shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 13.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 13.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the trust manager shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 16.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 16.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> MyTrustManager <span class="perl_Keyword">implements</span> X509TrustManager {
<span class="perl_Keyword">private</span> <span class="perl_DataType">final</span> <span class="perl_DataType">byte</span>[] certHash;
@@ -2089,8 +2346,8 @@ System.<span class="perl_Function">out</span>.<span class="perl_Function">write<
}
}
</pre></div></div><br class="example-break" /><div class="para">
- This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 13.20, “Using a custom TLS trust manager with OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 13.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 16.20, “Using a custom TLS trust manager with OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 16.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSLContext ctx;
<span class="perl_Keyword">try</span> {
ctx = SSLContext.<span class="perl_Function">getInstance</span>(<span class="perl_String">"TLSv1.2"</span>, <span class="perl_String">"SunJSSE"</span>);
@@ -2111,13 +2368,13 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
When certificate overrides are in place, host name verification should not be performed because there is no security requirement that the host name in the certificate matches the host name used to establish the connection (and it often will not). However, without host name verification, it is not possible to perform transparent fallback to certification validation using the system certificate store.
</div><div class="para">
The approach described above works with OpenJDK 6 and later versions. Starting with OpenJDK 7, it is possible to use a custom subclass of the <code class="literal">javax.net.ssl.X509ExtendedTrustManager</code> class. The OpenJDK TLS implementation will call the new methods, passing along TLS session information. This can be used to implement certificate overrides as a fallback (if certificate or host name verification fails), and a trust manager object can be used for multiple servers because the server address is available to the trust manager.
- </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
The following code shows how to implement a simple TLS client using NSS. These instructions apply to NSS version 3.14 and later. Versions before 3.14 need different initialization code.
</div><div class="para">
Keep in mind that the error handling needs to be improved before the code can be used in production.
</div><div class="para">
- Using NSS needs several header files, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Includes">Example 13.21, “Include files for NSS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 13.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Using NSS needs several header files, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Includes">Example 16.21, “Include files for NSS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 16.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// NSPR include files</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Others">#include <prerror.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#include <prinit.h></span><span class="perl_Others"></span>
@@ -2133,10 +2390,10 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
<span class="perl_Comment"></span><span class="perl_Comment">// NSPR handle.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>NSPR_API(PRFileDesc*) PR_ImportTCPSocket(<span class="perl_DataType">int</span>);
</pre></div></div><br class="example-break" /><div class="para">
- Initializing the NSS library is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Init">Example 13.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
+ Initializing the NSS library is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Init">Example 16.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
</div><div class="para">
The simplest way to configured the trusted root certificates involves loading the <code class="filename">libnssckbi.so</code> NSS module with a call to the <code class="function">SECMOD_LoadUserModule</code> function. The root certificates are compiled into this module. (The PEM module for NSS, <code class="filename">libnsspem.so</code>, offers a way to load trusted CA certificates from a file.)
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 13.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 16.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
NSSInitContext *<span class="perl_DataType">const</span> ctx =
NSS_InitContext(<span class="perl_String">"sql:/etc/pki/nssdb"</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, NULL,
@@ -2200,12 +2457,12 @@ SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
SECMOD_DestroyModule(module);
NSS_ShutdownContext(ctx);
</pre></div><div class="para">
- After NSS has been initialized, the TLS connection can be created (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 13.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
+ After NSS has been initialized, the TLS connection can be created (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 16.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
</div><div class="para">
The call to <code class="function">SSL_BadCertHook</code> can be omitted if no mechanism to override certificate verification is needed. The <code class="literal">bad_certificate</code> function must check both the host name specified for the connection and the certificate before granting the override.
</div><div class="para">
Triggering the actual handshake requires three function calls, <code class="function">SSL_ResetHandshake</code>, <code class="function">SSL_SetURL</code>, and <code class="function">SSL_ForceHandshake</code>. (If <code class="function">SSL_ResetHandshake</code> is omitted, <code class="function">SSL_ForceHandshake</code> will succeed, but the data will not be encrypted.) During the handshake, the certificate is verified and matched against the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 13.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 16.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Wrap the POSIX file descriptor. This is an internal NSPR</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// function, but it is very unlikely to change.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);
@@ -2281,8 +2538,8 @@ sockfd = <span class="perl_DecVal">-1</span>; <span class="perl_Comment">// Has
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the connection has been established, <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Use">Example 13.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 13.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the connection has been established, <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Use">Example 16.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 16.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
PRInt32 ret = PR_Write(nspr, buf, strlen(buf));
@@ -2300,8 +2557,8 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 13.25, “Closing NSS client connections”</a> shows how to close the connection.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 13.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 16.25, “Closing NSS client connections”</a> shows how to close the connection.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 16.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Keyword">if</span> (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) {
<span class="perl_DataType">const</span> PRErrorCode err = PR_GetError();
@@ -2311,13 +2568,13 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
}
<span class="perl_Comment">// Closes the underlying POSIX file descriptor, too.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PR_Close(nspr);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
- The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="#sect-Defensive_Coding-TLS-OpenSSL">Section 13.1.1, “OpenSSL Pitfalls”</a>.
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
+ The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="#sect-Defensive_Coding-TLS-OpenSSL">Section 16.1.1, “OpenSSL Pitfalls”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Currently, most Python function which accept <code class="literal">https://</code> URLs or otherwise implement HTTPS support do not perform certificate validation at all. (For example, this is true for the <code class="literal">httplib</code> and <code class="literal">xmlrpclib</code> modules.) If you use HTTPS, you should not use the built-in HTTP clients. The <code class="literal">Curl</code> class in the <code class="literal">curl</code> module, as provided by the <code class="literal">python-pycurl</code> package implements proper certificate validation.
</div></div></div><div class="para">
- The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 13.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 13.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 16.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 16.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">def</span> check_host_name<span class="perl_Char">(peercert</span>, name<span class="perl_Char">):</span>
<span class="perl_Comment">"""Simple certificate/host name checker. Returns True if the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment"> certificate matches, False otherwise. Does not support</span><span class="perl_Comment"></span>
@@ -2342,7 +2599,7 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
<span class="perl_Keyword">return</span> cn <span class="perl_Char">==</span> name
<span class="perl_Keyword">return</span> <span class="perl_Others">False</span>
</pre></div></div><br class="example-break" /><div class="para">
- To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 13.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
+ To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 16.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="literal">ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</code> selects relatively strong cipher suites with certificate-based authentication. (The call to <code class="function">check_host_name</code> function provides additional protection against anonymous cipher suites.)
</div></li><li class="listitem"><div class="para">
@@ -2353,7 +2610,7 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
<code class="literal">ca_certs='/etc/ssl/certs/ca-bundle.crt'</code> initializes the certificate store with a set of trusted root CAs. Unfortunately, it is necessary to hard-code this path into applications because the default path in OpenSSL is not available through the Python <code class="literal">ssl</code> module.
</div></li></ul></div><div class="para">
The <code class="literal">ssl</code> module (and OpenSSL) perform certificate validation, but the certificate must be compared manually against the host name, by calling the <code class="function">check_host_name</code> defined above.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 13.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 16.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock <span class="perl_Char">=</span> ssl.wrap_socket<span class="perl_Char">(sock</span>,
ciphers<span class="perl_Char">=</span><span class="perl_String">"HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</span>,
ssl_version<span class="perl_Char">=ssl</span>.PROTOCOL_TLSv1,
@@ -2371,8 +2628,14 @@ sock.write<span class="perl_Char">(</span><span class="perl_String">"GET / HTTP/
Closing the TLS socket is straightforward as well:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock.close<span class="perl_Char">()</span>
-</pre></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="appe-UEFI_Secure_Boot_Guide-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
- <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.0-1</td><td align="left">Thu May 09 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+</pre></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="appe-Defensive_Coding-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>C: Corrected the <code class="function">strncat</code> example</td></tr><tr><td>C: Mention mixed signed/unsigned comparisons</td></tr><tr><td>C: Unsigned overflow checking example</td></tr><tr><td>C++: <code class="literal">operator new[]</code> has been fixed in GCC</td></tr><tr><td>C++: Additional material on <code class="literal">std::string</code>, iterators</td></tr><tr><td>OpenSSL: Mention <code class="command">openssl genrsa</code> entropy issue</td></tr><tr><td>Packaging: X.509 key generation</td></tr><tr><td>Go, Vala: Add short chapters</td></tr><tr><td>Serialization: Notes on fragmentation and reassembly</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.1-1</td><td align="left">Tue Aug 27 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Add a chapter which covers some Java topics.</td></tr><tr><td>Deserialization: Warn about Java's java.beans.XMLDecoder.</td></tr><tr><td>C: Correct the advice on array allocation (<a href="https://bugzilla.redhat.com/show_bug.cgi?id=995595">bug 995595</a>).</td></tr><tr><td>C: Add material on global variables.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-1</td><td align="left">Thu May 09 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
<table border="0" summary="Simple list" class="simplelist"><tr><td>Added more C and C++ examples.</td></tr><tr><td>TLS Client NSS: Rely on NSS 3.14 cipher suite defaults.</td></tr></table>
</td></tr><tr><td align="left">Revision 0-1</td><td align="left">Thu Mar 7 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html
new file mode 100644
index 0000000..184202e
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Revision History</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-Python.html" title="16.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div xml:lang="en-US" class="appendix" id="appe-Defensive_Cod
ing-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>C: Corrected the <code class="function">strncat</code> example</td></tr><tr><td>C: Mention mixed signed/unsigned comparisons</td></tr><tr><td>C: Unsigned overflow checking example</td></tr><tr><td>C++: <code class="literal">operator new[]</code> has been fixed in GCC</td></tr><tr><td>C++: Additional material on <code class="literal">std::string</code>, iterators</td></tr><tr><td>OpenSSL: Mention <code class="command">openssl genrsa</code> entropy issue</td></tr><tr><td>Packaging: X.509 key generation</td></tr><tr><td>Go, Vala: Add short chapters</td></tr><tr><td>Serialization: Notes on fragmentation and reassembly</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.1-1</td><td align="left">Tue Aug 27 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Add a chapter which covers some Java topics.</td></tr><tr><td>Deserialization: Warn about Java's java.beans.XMLDecoder.</td></tr><tr><td>C: Correct the advice on array allocation (<a href="https://bugzilla.redhat.com/show_bug.cgi?id=995595">bug 995595</a>).</td></tr><tr><td>C: Add material on global variables.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-1</td><td align="left">Thu May 09 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added more C and C++ examples.</td></tr><tr><td>TLS Client NSS: Rely on NSS 3.14 cipher suite defaults.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 0-1</td><td align="left">Thu Mar 7 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Initial publication.</td></tr></table>
+
+ </td></tr></table></div>
+
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong>16.2.5. Implementing TLS Clients With Python</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
index a940718..3609120 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.5. strlcpy and strlcat</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.5. strlcpy and strlcat</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-Libc-strncat.html" title="1.2.3.4. strncat" /><link rel="next" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding
-C-Libc-strncat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s06.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217652925952"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217652925952">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-Libc-strncat.html" title="1.2.3.4. strncat" /><link rel="next" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding
-C-Libc-strncat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s06.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225447873680"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225447873680">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
Some systems support <code class="function">strlcpy</code> and <code class="function">strlcat</code> functions which behave this way, but these functions are not part of GNU libc. <code class="function">strlcpy</code> is often replaced with <code class="function">snprintf</code> with a <code class="literal">"%s"</code> format string. See <a class="xref" href="sect-Defensive_Coding-C-Libc-strncpy.html">Section 1.2.3.3, “<code class="function">strncpy</code>”</a> for a caveat related to the <code class="function">snprintf</code> return value.
</div><div class="para">
To emulate <code class="function">strlcat</code>, use the approach described in <a class="xref" href="sect-Defensive_Coding-C-Libc-strncat.html">Section 1.2.3.4, “<code class="function">strncat</code>”</a>.
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
index bb182b0..e64e0f3 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.6. ISO C11 Annex K *_s functions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.6. ISO C11 Annex K *_s functions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s05.html" title="1.2.3.5. strlcpy and strlcat" /><link rel="next" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217610453824"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217610453824">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s05.html" title="1.2.3.5. strlcpy and strlcat" /><link rel="next" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225470258240"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470258240">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
ISO C11 adds another set of length-checking functions, but GNU libc currently does not implement them.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Prev</strong>1.2.3.5. strlcpy and strlcat</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong>1.2.3.7. Other strn* and stpn* functions</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
index c58c0d9..eda5d10 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.7. Other strn* and stpn* functions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.7. Other strn* and stpn* functions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217650196384"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217650196384">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225487029024"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225487029024">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.html"><strong>Prev</strong>1.2.3.6. ISO C11 Annex K *_s functions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong>1.3. Memory allocators</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
index 7a21403..57a1f70 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.5. Conservative garbage collection</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.5. Conservative garbage collection</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="ch01s03s04.html" title="1.3.4. Custom memory allocators" /><link rel="next" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s03s04.html"><strong>Prev</strong></a></li><li class="next"><a acces
skey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217619127040"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217619127040">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-Custom.html" title="1.3.4. Custom memory allocators" /><link rel="next" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Custom
.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225451423808"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451423808">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
Garbage collection can be an alternative to explicit memory management using <code class="function">malloc</code> and <code class="function">free</code>. The Boehm-Dehmers-Weiser allocator can be used from C programs, with minimal type annotations. Performance is competitive with <code class="function">malloc</code> on 64-bit architectures, especially for multi-threaded programs. The stop-the-world pauses may be problematic for some real-time applications, though.
</div><div class="para">
However, using a conservative garbage collector may reduce opertunities for code reduce because once one library in a program uses garbage collection, the whole process memory needs to be subject to it, so that no pointers are missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for internal use, so it is not fully transparent to the rest of the program.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s03s04.html"><strong>Prev</strong>1.3.4. Custom memory allocators</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong>1.4. Other C-related topics</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Custom.html"><strong>Prev</strong>1.3.4. Custom memory allocators</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong>1.4. Other C-related topics</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
index dd3bb75..76b0e79 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Run-time compilation and code generation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Run-time compilation and code generation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="next" href="ch04s03.html" title="4.3. Sandboxing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Python.html"><strong>Prev</strong></a><
/li><li class="next"><a accesskey="n" href="ch04s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217617439792"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217617439792">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="next" href="ch04s03.html" title="4.3. Sandboxing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Python.html"><strong>Prev</strong></a><
/li><li class="next"><a accesskey="n" href="ch04s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225449752960"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225449752960">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
The following Python functions and statements related to code execution should be avoided:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">compile</code>
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
index cb80e20..1e40867 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Sandboxing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Sandboxing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /><link rel="next" href="pt02.html" title="Part II. Specific Programming Tasks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="pt02.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217620859936"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217620859936">4.3. Sandboxing</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /><link rel="next" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong></a>
</li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225460781632"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225460781632">4.3. Sandboxing</h2></div></div></div><div class="para">
The <code class="literal">rexec</code> Python module cannot safely sandbox untrusted code and should not be used. The standard CPython implementation is not suitable for sandboxing.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong>4.2. Run-time compilation and code generation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt02.html"><strong>Next</strong>Part II. Specific Programming Tasks</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong>4.2. Run-time compilation and code generation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong>Chapter 5. The Go Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s02.html
new file mode 100644
index 0000000..02c26bd
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s02.html
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Object orientation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /><link rel="next" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html" title="7.3. Callbacks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-T
asks-Library_Design.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225469934496"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225469934496">7.2. Object orientation</h2></div></div></div><div class="para">
+ Classes should be either designed as base classes, or it should be impossible to use them as base classes (like <code class="literal">final</code> classes in Java). Classes which are not designed for inheritance and are used as base classes nevertheless create potential maintenance hazards because it is difficult to predict how client code will react when calls to virtual methods are added, reordered or removed.
+ </div><div class="para">
+ Virtual member functions can be used as callbacks. See <a class="xref" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">Section 7.3, “Callbacks”</a> for some of the challenges involved.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Prev</strong>Chapter 7. Library Design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Next</strong>7.3. Callbacks</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s04.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s04.html
new file mode 100644
index 0000000..5e0e4dc
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch07s04.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. Process attributes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html" title="7.3. Callbacks" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-Tasks-Library_Design-Callbacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225463494608"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225463494608">7.4. Process attributes</h2></div></div></div><div class="para">
+ Several attributes are global and affect all code in the process, not just the library that manipulates them.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ environment variables (see <a class="xref" href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>)
+ </div></li><li class="listitem"><div class="para">
+ umask
+ </div></li><li class="listitem"><div class="para">
+ user IDs, group IDs and capabilities
+ </div></li><li class="listitem"><div class="para">
+ current working directory
+ </div></li><li class="listitem"><div class="para">
+ signal handlers, signal masks and signal delivery
+ </div></li><li class="listitem"><div class="para">
+ file locks (especially <code class="function">fcntl</code> locks behave in surprising ways, not just in a multi-threaded environment)
+ </div></li></ul></div><div class="para">
+ Library code should avoid manipulating these global process attributes. It should not rely on environment variables, umask, the current working directory and signal masks because these attributes can be inherted from an untrusted source.
+ </div><div class="para">
+ In addition, there are obvious process-wide aspects such as the virtual memory layout, the set of open files and dynamic shared objects, but with the exception of shared objects, these can be manipulated in a relatively isolated way.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Prev</strong>7.3. Callbacks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Next</strong>Chapter 8. File Descriptor Management</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s02.html
index ed077dc..b905b3d 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s02.html
@@ -1,11 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Protocol design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Named temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /><link rel="next" href="ch10s03.html" title="10.3. Library support for deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="cha
p-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch10s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217574437568"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217574437568">10.2. Protocol design</h2></div></div></div><div class="para">
- Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong>Chapter 10. Serialization and Deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s03.html"><strong>Next</strong>10.3. Library support for deserialization</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="next" href="ch10s03.html" title="10.3. Temporary files without names" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Fil
es.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch10s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225497184560"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225497184560">10.2. Named temporary files</h2></div></div></div><div class="para">
+ The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.
+ </div><div class="para">
+ The file is not removed automatically. It is not safe to rename or delete the file before processing, or transform the name in any way (for example, by adding a file extension). If you need multiple temporary files, call <code class="function">mkostemp</code> multiple times. Do not create additional file names derived from the name provided by a previous <code class="function">mkostemp</code> call. However, it is safe to close the descriptor returned by <code class="function">mkostemp</code> and reopen the file using the generated name.
+ </div><div class="para">
+ The Python class <code class="literal">tempfile.NamedTemporaryFile</code> provides similar functionality, except that the file is deleted automatically by default. Note that you may have to use the <code class="literal">file</code> attribute to obtain the actual file object because some programming interfaces cannot deal with file-like objects. The C function <code class="function">mkostemp</code> is also available as <code class="function">tempfile.mkstemp</code>.
+ </div><div class="para">
+ In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Prev</strong>Chapter 10. Temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s03.html"><strong>Next</strong>10.3. Temporary files without names</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s03.html
index 4dbf116..13347c2 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s03.html
@@ -1,27 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. Library support for deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. Temporary files without names</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /><link rel="prev" href="ch10s02.html" title="10.2. Protocol design" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s02.html"><strong>Prev</strong></a></l
i><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217619318032"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217619318032">10.3. Library support for deserialization</h2></div></div></div><div class="para">
- For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The deserialization part comes in one of two flavors, depending on the library. The first kind uses type information in the data stream to control which objects are instantiated. The second kind uses type definitions supplied by the programmer. The first one allows arbitrary object instantiation, the second one generally does not.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="prev" href="ch10s02.html" title="10.2. Named temporary files" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html" title="10.4. Temporary directories" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s02.html"><strong>Prev</strong></a></li><l
i class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225460352288"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225460352288">10.3. Temporary files without names</h2></div></div></div><div class="para">
+ The <code class="function">tmpfile</code> function creates a temporary file and immediately deletes it, while keeping the file open. As a result, the file lacks a name and its space is deallocated as soon as the file descriptor is closed (including the implicit close when the process terminates). This avoids cluttering the temporary directory with orphaned files.
</div><div class="para">
- The following serialization frameworks are in the first category, are known to be unsafe, and must not be used for untrusted data:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Python's <span class="package">pickle</span> and <span class="package">cPickle</span> modules
- </div></li><li class="listitem"><div class="para">
- Perl's <span class="package">Storable</span> package
- </div></li><li class="listitem"><div class="para">
- Java serialization (<span class="type">java.io.ObjectInputStream</span>), even if encoded in other formats (as with <span class="type">java.beans.XMLDecoder</span>)
- </div></li><li class="listitem"><div class="para">
- PHP serialization (<code class="function">unserialize</code>)
- </div></li><li class="listitem"><div class="para">
- Most implementations of YAML
- </div></li></ul></div><div class="para">
- When using a type-directed deserialization format where the types of the deserialized objects are specified by the programmer, make sure that the objects which can be instantiated cannot perform any destructive actions in their destructors, even when the data members have been manipulated.
+ Alternatively, if the maximum size of the temporary file is known beforehand, the <code class="function">fmemopen</code> function can be used to create a <code class="literal">FILE *</code> object which is backed by memory.
</div><div class="para">
- In general, JSON decoders do not suffer from this problem. But you must not use the <code class="function">eval</code> function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s02.html"><strong>Prev</strong>10.2. Protocol design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong>10.4. XML serialization</a></li></ul></body></html>
\ No newline at end of file
+ In Python, unnamed temporary files are provided by the <code class="literal">tempfile.TemporaryFile</code> class, and the <code class="literal">tempfile.SpooledTemporaryFile</code> class provides a way to avoid creation of small temporary files.
+ </div><div class="para">
+ Java does not support unnamed temporary files.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s02.html"><strong>Prev</strong>10.2. Named temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Next</strong>10.4. Temporary directories</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s05.html
index 856a0af..2fa8c10 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch10s05.html
@@ -1,15 +1,23 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Protocol Encoders</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Compensating for unsafe file creation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="10.4.7.3. Other XML parsers in OpenJDK" /><link rel="next" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 11. Cryptography" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217646545984"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217646545984">10.5. Protocol Encoders</h2></div></div></div><div class="para">
- For protocol encoders, you should write bytes to a buffer which grows as needed, using an exponential sizing policy. Explicit lengths can be patched in later, once they are known. Allocating the required number of bytes upfront typically requires separate code to compute the final size, which must be kept in sync with the actual encoding step, or vulnerabilities may result. In multi-threaded code, parts of the object being deserialized might change, so that the computed size is out of date.
- </div><div class="para">
- You should avoid copying data directly from a received packet during encoding, disregarding the format. Propagating malformed data could enable attacks on other recipients of that data.
- </div><div class="para">
- When using C or C++ and copying whole data structures directly into the output, make sure that you do not leak information in padding bytes between fields or at the end of the <code class="literal">struct</code>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong>10.4.7.3. Other XML parsers in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong>Chapter 11. Cryptography</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html" title="10.4. Temporary directories" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding
-Tasks-Temporary_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225474037360"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225474037360">10.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
+ There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>, for details on subprocess creation.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">Section 10.4, “Temporary directories”</a>.)
+ </div></li><li class="listitem"><div class="para">
+ Create the temporary file and pass the generated file name to the function or program. This only works if the function or program can cope with a zero-length existing file. It is safe only under additional assumptions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The function or program must not create additional files whose name is derived from the specified file name or are otherwise predictable.
+ </div></li><li class="listitem"><div class="para">
+ The function or program must not delete the file before processing it.
+ </div></li><li class="listitem"><div class="para">
+ It must not access any existing files in the same directory.
+ </div></li></ul></div><div class="para">
+ It is often difficult to check whether these additional assumptions are matched, therefore this approach is not recommended.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Prev</strong>10.4. Temporary directories</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Next</strong>Chapter 11. Processes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
index d9c84dc..2873e98 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
@@ -1,31 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Randomness</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Handling child process termination</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 11. Cryptography" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 11. Cryptography" /><link rel="next" href="pt03.html" title="Part III. Implementing Security Features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryptography.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217615478096"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217615478096">11.2. Randomness</h2></div></div></div><div class="para">
- The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="next" href="ch11s03.html" title="11.3. SUID/SGID processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong></a></li><
li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225473202752"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225473202752">11.2. Handling child process termination</h2></div></div></div><div class="para">
+ When child processes terminate, the parent process is signalled. A stub of the terminated processes (a <span class="emphasis"><em>zombie</em></span>, shown as <code class="literal"><defunct></code> by <span class="application"><strong>ps</strong></span>) is kept around until the status information is collected (<span class="emphasis"><em>reaped</em></span>) by the parent process. Over the years, several interfaces for this have been invented:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
+ The parent process calls <code class="function">wait</code>, <code class="function">waitpid</code>, <code class="function">waitid</code>, <code class="function">wait3</code> or <code class="function">wait4</code>, without specifying a process ID. This will deliver any matching process ID. This approach is typically used from within event loops.
</div></li><li class="listitem"><div class="para">
- <code class="function">RAND_bytes</code> in the OpenSSL library (usable for high data rates)
+ The parent process calls <code class="function">waitpid</code>, <code class="function">waitid</code>, or <code class="function">wait4</code>, with a specific process ID. Only data for the specific process ID is returned. This is typically used in code which spawns a single subprocess in a synchronous manner.
</div></li><li class="listitem"><div class="para">
- <code class="function">gnutls_rnd</code> in GNUTLS, with <code class="literal">GNUTLS_RND_RANDOM</code> as the first argument (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <span class="type">java.security.SecureRandom</span> in Java (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <code class="function">os.urandom</code> in Python
- </div></li><li class="listitem"><div class="para">
- Reading from the <code class="filename">/dev/urandom</code> character device
+ The parent process installs a handler for the <code class="literal">SIGCHLD</code> signal, using <code class="function">sigaction</code>, and specifies to the <code class="literal">SA_NOCLDWAIT</code> flag. This approach could be used by event loops as well.
</div></li></ul></div><div class="para">
- All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <span class="type">java.security.SecureRandom</span> to block, however.) Those functions which do not obtain all bits directly from <code class="filename">/dev/urandom</code> are suitable for high data rates because they do not deplete the system-wide entropy pool.
- </div><div class="important"><div class="admonition_header"><h2>Difficult to use API</h2></div><div class="admonition"><div class="para">
- Both <code class="function">RAND_bytes</code> and <code class="function">PK11_GenerateRandom</code> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions.
- </div></div></div><div class="para">
- Other sources of randomness should be considered predictable.
+ None of these approaches can be used to wait for child process terminated in a completely thread-safe manner. The parent process might execute an event loop in another thread, which could pick up the termination signal. This means that libraries typically cannot make free use of child processes (for example, to run problematic code with reduced privileges in a separate address space).
</div><div class="para">
- Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Prev</strong>Chapter 11. Cryptography</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong>Part III. Implementing Security Features</a></li></ul></body></html>
\ No newline at end of file
+ At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitid</code>, and hope that the status is not collected by an event loop first.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong>Chapter 11. Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong>11.3. SUID/SGID processes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html
new file mode 100644
index 0000000..dc53a24
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. SUID/SGID processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s02.html" title="11.2. Handling child process termination" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="11.4. Daemons" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong></a></li><li class="next">
<a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225439706160"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225439706160">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
+ Programs can be marked in the file system to indicate to the kernel that a trust transition should happen if the program is run. The <code class="literal">SUID</code> file permission bit indicates that an executable should run with the effective user ID equal to the owner of the executable file. Similarly, with the <code class="literal">SGID</code> bit, the effective group ID is set to the group of the executable file.
+ </div><div class="para">
+ Linux supports <span class="emphasis"><em>fscaps</em></span>, which can grant additional capabilities to a process in a finer-grained manner. Additional mechanisms can be provided by loadable security modules.
+ </div><div class="para">
+ When such a trust transition has happened, the process runs in a potentially hostile environment. Additional care is necessary not to rely on any untrusted information. These concerns also apply to libraries which can be linked into such processes.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.3.1. Accessing environment variables</h3></div></div></div><div class="para">
+ The following steps are required so that a program does not accidentally pick up untrusted data from environment variables.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Compile your C/C++ sources with <code class="literal">-D_GNU_SOURCE</code>. The Autoconf macro <code class="literal">AC_GNU_SOURCE</code> ensures this.
+ </div></li><li class="listitem"><div class="para">
+ Check for the presence of the <code class="function">secure_getenv</code> and <code class="function">__secure_getenv</code> function. The Autoconf directive <code class="literal">AC_CHECK_FUNCS([__secure_getenv secure_getenv])</code> performs these checks.
+ </div></li><li class="listitem"><div class="para">
+ Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="ch11s03.html#ex-Defensive_Coding-Tasks-secure_getenv">Example 11.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Use <code class="function">secure_getenv</code> instead of <code class="function">getenv</code> to obtain the value of critical environment variables. <code class="function">secure_getenv</code> will pretend the variable has not bee set if the process environment is not trusted.
+ </div></li></ul></div><div class="para">
+ Critical environment variables are debugging flags, configuration file locations, plug-in and log file locations, and anything else that might be used to bypass security restrictions or cause a privileged process to behave in an unexpected way.
+ </div><div class="para">
+ Either the <code class="function">secure_getenv</code> function or the <code class="function">__secure_getenv</code> is available from GNU libc.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 11.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
+
+<span class="perl_Others">#include <stdlib.h></span><span class="perl_Others"></span>
+<span class="perl_Others"></span>
+<span class="perl_Others">#ifndef HAVE_SECURE_GETENV</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># ifdef HAVE__SECURE_GETENV</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># define secure_getenv __secure_getenv</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># else</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># error neither secure_getenv nor __secure_getenv are available</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># endif</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others">#endif</span><span class="perl_Others"></span>
+<span class="perl_Others"></span>
+</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong>11.2. Handling child process termination</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong>11.4. Daemons</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html
new file mode 100644
index 0000000..0443834
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.5. Semantics of command line arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="11.4. Daemons" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="11.6. fork as a primitive for parallelism" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_C
oding-Tasks-Processes-Daemons.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225471110432"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471110432">11.5. Semantics of command line arguments</h2></div></div></div><div class="para">
+ After process creation and option processing, it is up to the child process to interpret the arguments. Arguments can be file names, host names, or URLs, and many other things. URLs can refer to the local network, some server on the Internet, or to the local file system. Some applications even accept arbitrary code in arguments (for example, <span class="application"><strong>python</strong></span> with the <code class="option">-c</code> option).
+ </div><div class="para">
+ Similar concerns apply to environment variables, the contents of the current directory and its subdirectories.
+ </div><div class="para">
+ Consequently, careful analysis is required if it is safe to pass untrusted data to another program.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Prev</strong>11.4. Daemons</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong>11.6. fork as a primitive for parallelism</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html
new file mode 100644
index 0000000..4d2bb80
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Protocol design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html" title="12.3. Fragmentation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225471012320"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471012320">12.2. Protocol design</h2></div></div></div><div class="para">
+ Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
+ </div><div class="para">
+ In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">Section 12.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong>Chapter 12. Serialization and Deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong>12.3. Fragmentation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s04.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s04.html
new file mode 100644
index 0000000..2a4425b
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s04.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.4. Library support for deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html" title="12.3. Fragmentation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225494883520"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225494883520">12.4. Library support for deserialization</h2></div></div></div><div class="para">
+ For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The deserialization part comes in one of two flavors, depending on the library. The first kind uses type information in the data stream to control which objects are instantiated. The second kind uses type definitions supplied by the programmer. The first one allows arbitrary object instantiation, the second one generally does not.
+ </div><div class="para">
+ The following serialization frameworks are in the first category, are known to be unsafe, and must not be used for untrusted data:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Python's <span class="package">pickle</span> and <span class="package">cPickle</span> modules, and wrappers such as <span class="package">shelve</span>
+ </div></li><li class="listitem"><div class="para">
+ Perl's <span class="package">Storable</span> package
+ </div></li><li class="listitem"><div class="para">
+ Java serialization (<span class="type">java.io.ObjectInputStream</span>), even if encoded in other formats (as with <span class="type">java.beans.XMLDecoder</span>)
+ </div></li><li class="listitem"><div class="para">
+ PHP serialization (<code class="function">unserialize</code>)
+ </div></li><li class="listitem"><div class="para">
+ Most implementations of YAML
+ </div></li></ul></div><div class="para">
+ When using a type-directed deserialization format where the types of the deserialized objects are specified by the programmer, make sure that the objects which can be instantiated cannot perform any destructive actions in their destructors, even when the data members have been manipulated.
+ </div><div class="para">
+ In general, JSON decoders do not suffer from this problem. But you must not use the <code class="function">eval</code> function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Prev</strong>12.3. Fragmentation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong>12.5. XML serialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s06.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s06.html
new file mode 100644
index 0000000..ac9d45c
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s06.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.6. Protocol Encoders</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="12.5.7.3. Other XML parsers in OpenJDK" /><link rel="next" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 13. Cryptography" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225489001840"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225489001840">12.6. Protocol Encoders</h2></div></div></div><div class="para">
+ For protocol encoders, you should write bytes to a buffer which grows as needed, using an exponential sizing policy. Explicit lengths can be patched in later, once they are known. Allocating the required number of bytes upfront typically requires separate code to compute the final size, which must be kept in sync with the actual encoding step, or vulnerabilities may result. In multi-threaded code, parts of the object being deserialized might change, so that the computed size is out of date.
+ </div><div class="para">
+ You should avoid copying data directly from a received packet during encoding, disregarding the format. Propagating malformed data could enable attacks on other recipients of that data.
+ </div><div class="para">
+ When using C or C++ and copying whole data structures directly into the output, make sure that you do not leak information in padding bytes between fields or at the end of the <code class="literal">struct</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong>12.5.7.3. Other XML parsers in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong>Chapter 13. Cryptography</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html
new file mode 100644
index 0000000..ebbe1e4
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Randomness</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 13. Cryptography" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 13. Cryptography" /><link rel="next" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryp
tography.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225461877616"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461877616">13.2. Randomness</h2></div></div></div><div class="para">
+ The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">RAND_bytes</code> in the OpenSSL library (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">gnutls_rnd</code> in GNUTLS, with <code class="literal">GNUTLS_RND_RANDOM</code> as the first argument (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <span class="type">java.security.SecureRandom</span> in Java (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">os.urandom</code> in Python
+ </div></li><li class="listitem"><div class="para">
+ Reading from the <code class="filename">/dev/urandom</code> character device
+ </div></li></ul></div><div class="para">
+ All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <span class="type">java.security.SecureRandom</span> to block, however.) Those functions which do not obtain all bits directly from <code class="filename">/dev/urandom</code> are suitable for high data rates because they do not deplete the system-wide entropy pool.
+ </div><div class="important"><div class="admonition_header"><h2>Difficult to use API</h2></div><div class="admonition"><div class="para">
+ Both <code class="function">RAND_bytes</code> and <code class="function">PK11_GenerateRandom</code> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions.
+ </div></div></div><div class="para">
+ Other sources of randomness should be considered predictable.
+ </div><div class="para">
+ Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Prev</strong>Chapter 13. Cryptography</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong>Chapter 14. RPM packaging</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
index 22450a1..254ab47 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Authentication and Authorization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 15. Authentication and Authorization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="next" href="sect-Defensive_Coding-Authentication-Host_based.html" title="12.2. Host-based authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong></a></li><li class="next"
><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">12.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div>
<div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Authenticating servers</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="next" href="sect-Defensive_Coding-Authentication-Host_based.html" title="15.2. Host-based authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong></a></li><li class="next"
><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div>
<div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Authenticating servers</h2></div></div></div><div class="para">
When connecting to a server, a client has to make sure that it is actually talking to the server it expects. There are two different aspects, securing the network path, and making sure that the expected user runs the process on the target host. There are several ways to ensure that:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The server uses a TLS certificate which is valid according to the web browser public key infrastructure, and the client verifies the certificate and the host name.
@@ -17,7 +17,7 @@
</div></li><li class="listitem"><div class="para">
Port numbers less than 1024 (<span class="emphasis"><em>trusted ports</em></span>) can only be used by <code class="literal">root</code>, so if a UDP or TCP server is running on the local host and it uses a trusted port, its identity is assured. (Not all operating systems enforce the trusted ports concept, and the network might not be trusted, so it is only useful on the local system.)
</div></li></ul></div><div class="para">
- TLS (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 13, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
+ TLS (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 16, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
</div><div class="para">
If the server port number is 1024 is higher, a local user can impersonate the process by binding to this socket, perhaps after crashing the real server by exploiting a denial-of-service vulnerability.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong>Part III. Implementing Security Features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong>12.2. Host-based authentication</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong>Part III. Implementing Security Features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong>15.2. Host-based authentication</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
index 6a06a4f..68f7426 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. The C Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. The C Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="pt01.html" title="Part I. Programming Languages" /><link rel="next" href="sect-Defensive_Coding-C-Libc.html" title="1.2. The C standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt01.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding
-C-Libc.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard l
ibrary</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm217614761120">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="s
ect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="ch01s03s04.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="pt01.html" title="Part I. Programming Languages" /><link rel="next" href="sect-Defensive_Coding-C-Libc.html" title="1.2. The C standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt01.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding
-C-Libc.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.
4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1
.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><d
iv class="para">
C provides no memory safety. Most recommendations in this section deal with this aspect of the language.
</div><div class="section" id="sect-Defensive_Coding-C-Undefined"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.1. Undefined behavior</h3></div></div></div><div class="para">
Some C constructs are defined to be undefined by the C standard. This does not only mean that the standard does not describe what happens when the construct is executed. It also allows optimizing compilers such as GCC to assume that this particular construct is never reached. In some cases, this has caused GCC to optimize security checks away. (This is not a flaw in GCC or the C language. But C certainly has some areas which are more difficult to use than others.)
@@ -91,10 +91,22 @@ add(<span class="perl_DataType">int</span> a, <span class="perl_DataType">int</s
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use a wider type to perform the calculation, check that the result is within bounds, and convert the result to the original type. All intermediate results must be checked in this way.
</div></li><li class="listitem"><div class="para">
- Perform the calculation in the corresponding unsigned type and use bit fiddling to detect the overflow.
- </div></li><li class="listitem"><div class="para">
- Compute bounds for acceptable input values which are known to avoid overflow, and reject other values. This is the preferred way for overflow checking on multiplications, see <a class="xref" href="chap-Defensive_Coding-C.html#ex-Defensive_Coding-C-Arithmetic-mult">Example 1.3, “Overflow checking for unsigned multiplication”</a>.
- </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-mult"><h6>Example 1.3. Overflow checking for unsigned multiplication</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Perform the calculation in the corresponding unsigned type and use bit fiddling to detect the overflow. <a class="xref" href="chap-Defensive_Coding-C.html#ex-Defensive_Coding-C-Arithmetic-add_unsigned">Example 1.3, “Overflow checking for unsigned addition”</a> shows how to perform an overflow check for unsigned integer addition. For three or more terms, all the intermediate additions have to be checked in this way.
+ </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-add_unsigned"><h6>Example 1.3. Overflow checking for unsigned addition</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_DataType">void</span> report_overflow(<span class="perl_DataType">void</span>);
+
+<span class="perl_DataType">unsigned</span>
+add_unsigned(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">unsigned</span> b)
+{
+ <span class="perl_DataType">unsigned</span> sum = a + b;
+ <span class="perl_Keyword">if</span> (sum < a) { <span class="perl_Comment">// or sum < b</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> report_overflow();
+ }
+ <span class="perl_Keyword">return</span> sum;
+}
+</pre></div></div><br class="example-break" /><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Compute bounds for acceptable input values which are known to avoid overflow, and reject other values. This is the preferred way for overflow checking on multiplications, see <a class="xref" href="chap-Defensive_Coding-C.html#ex-Defensive_Coding-C-Arithmetic-mult">Example 1.4, “Overflow checking for unsigned multiplication”</a>.
+ </div></li></ul></div><div class="example" id="ex-Defensive_Coding-C-Arithmetic-mult"><h6>Example 1.4. Overflow checking for unsigned multiplication</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">unsigned</span>
mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">unsigned</span> b)
{
@@ -104,9 +116,26 @@ mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">u
<span class="perl_Keyword">return</span> a * b;
}
</pre></div></div><br class="example-break" /><div class="para">
- Basic arithmetic operations a commutative, so for bounds checks, there are two different but mathematically equivalent expressions. Sometimes, one of the expressions results in better code because parts of it can be reduced to a constant. This applies to overflow checks for multiplication <code class="literal">a * b</code> involving a constant <code class="literal">a</code>, where the expression is reduced to <code class="literal">b > C</code> for some constant <code class="literal">C</code> determined at compile time. The other expression, <code class="literal">b && a > ((unsigned)-1) / b</code>, is more difficult to optimize at compile time.
+ Basic arithmetic operations are commutative, so for bounds checks, there are two different but mathematically equivalent expressions. Sometimes, one of the expressions results in better code because parts of it can be reduced to a constant. This applies to overflow checks for multiplication <code class="literal">a * b</code> involving a constant <code class="literal">a</code>, where the expression is reduced to <code class="literal">b > C</code> for some constant <code class="literal">C</code> determined at compile time. The other expression, <code class="literal">b && a > ((unsigned)-1) / b</code>, is more difficult to optimize at compile time.
</div><div class="para">
When a value is converted to a signed integer, GCC always chooses the result based on 2's complement arithmetic. This GCC extension (which is also implemented by other compilers) helps a lot when implementing overflow checks.
</div><div class="para">
+ Sometimes, it is necessary to compare unsigned and signed integer variables. This results in a compiler warning, <span class="emphasis"><em>comparison between signed and unsigned integer expressions</em></span>, because the comparison often gives unexpected results for negative values. When adding a cast, make sure that negative values are covered properly. If the bound is unsigned and the checked quantity is signed, you should cast the checked quantity to an unsigned type as least as wide as either operand type. As a result, negative values will fail the bounds check. (You can still check for negative values separately for clarity, and the compiler will optimize away this redundant check.)
+ </div><div class="para">
Legacy code should be compiled with the <code class="option">-fwrapv</code> GCC option. As a result, GCC will provide 2's complement semantics for integer arithmetic, including defined behavior on integer overflow.
+ </div></div><div class="section" id="sect-Defensive_Coding-C-Globals"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.4. Global variables</h3></div></div></div><div class="para">
+ Global variables should be avoided because they usually lead to thread safety hazards. In any case, they should be declared <code class="literal">static</code>, so that access is restricted to a single translation unit.
+ </div><div class="para">
+ Global constants are not a problem, but declaring them can be tricky. <a class="xref" href="chap-Defensive_Coding-C.html#ex-Defensive_Coding-C-Globals-String_Array">Example 1.5, “Declaring a constant array of constant strings”</a> shows how to declare a constant array of constant strings. The second <code class="literal">const</code> is needed to make the array constant, and not just the strings. It must be placed after the <code class="literal">*</code>, and not before it.
+ </div><div class="example" id="ex-Defensive_Coding-C-Globals-String_Array"><h6>Example 1.5. Declaring a constant array of constant strings</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_DataType">static</span> <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> string_list[] = {
+ <span class="perl_String">"first"</span>,
+ <span class="perl_String">"second"</span>,
+ <span class="perl_String">"third"</span>,
+ NULL
+};
+</pre></div></div><br class="example-break" /><div class="para">
+ Sometimes, static variables local to functions are used as a replacement for proper memory management. Unlike non-static local variables, it is possible to return a pointer to static local variables to the caller. But such variables are well-hidden, but effectively global (just as static variables at file scope). It is difficult to add thread safety afterwards if such interfaces are used. Merely dropping the <code class="literal">static</code> keyword in such cases leads to undefined behavior.
+ </div><div class="para">
+ Another source for static local variables is a desire to reduce stack space usage on embedded platforms, where the stack may span only a few hundred bytes. If this is the only reason why the <code class="literal">static</code> keyword is used, it can just be dropped, unless the object is very large (larger than 128 kilobytes on 32 bit platforms). In the latter case, it is recommended to allocate the object using <code class="literal">malloc</code>, to obtain proper array checking, for the same reasons outlined in <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>.
</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt01.html"><strong>Prev</strong>Part I. Programming Languages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Libc.html"><strong>Next</strong>1.2. The C standard library</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
index ffe3a29..20de6a3 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
@@ -1,26 +1,26 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. The C++ Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. The C++ Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /><link rel="next" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Other.html"><strong>Prev</strong></a></li><li class="
next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217609231952">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217629800976">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217609919680">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html
#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#idm217623779280">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /><link rel="next" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Other.html"><strong>Prev</strong></a></li><li class="
next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html
#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.withi
n-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
C++ includes a large subset of the C language. As far as the C subset is used, the recommendations in <a class="xref" href="chap-Defensive_Coding-C.html">Chapter 1, <em>The C Programming Language</em></a> apply.
- </div><div class="section" id="idm217609231952"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217609231952">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
- For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC-generated code does not detect this.
+ </div><div class="section" id="idm225451562352"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
+ For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC versions prior to 4.8 generated code which did not detect this. (Fedora 18 was the first release which fixed this in GCC.)
</div><div class="para">
The <code class="literal">std::vector</code> template can be used instead an explicit array allocation. (The GCC implementation detects overflow internally.)
</div><div class="para">
- If there is no alternative to <code class="literal">operator new[]</code>, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
+ If there is no alternative to <code class="literal">operator new[]</code> and the sources will be compiled with older GCC versions, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
</div><div class="para">
- These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 10.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
+ These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
</div><div class="para">
See <a class="xref" href="sect-Defensive_Coding-C-Allocators-Arrays.html">Section 1.3.3, “Array allocation”</a> for array allocation advice for C-style memory allocation.
- </div></div><div class="section" id="idm217629800976"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217629800976">2.1.2. Overloading</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225451560624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451560624">2.1.2. Overloading</h3></div></div></div><div class="para">
Do not overload functions with versions that have different security characteristics. For instance, do not implement a function <code class="function">strcat</code> which works on <span class="type">std::string</span> arguments. Similarly, do not name methods after such functions.
- </div></div><div class="section" id="idm217609919680"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217609919680">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225451563856"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451563856">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
A stable binary interface (ABI) is vastly preferred for security updates. Without a stable ABI, all reverse dependencies need recompiling, which can be a lot of work and could even be impossible in some cases. Ideally, a security update only updates a single dynamic shared object, and is picked up automatically after restarting affected processes.
</div><div class="para">
Outside of extremely performance-critical code, you should ensure that a wide range of changes is possible without breaking ABI. Some very basic guidelines are:
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html
new file mode 100644
index 0000000..f91ccac
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Error handling</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="next" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="5.3. Garbage Collector" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Error handling</h2></div></div></div><div class="para">
+ Only a few common operations (such as pointer dereference, integer division, array subscripting) trigger exceptions in Go, called <span class="emphasis"><em>panics</em></span>. Most interfaces in the standard library use a separate return value of type <code class="literal">error</code> to signal error.
+ </div><div class="para">
+ Not checking error return values can lead to incorrect operation and data loss (especially in the case of writes, using interfaces such as <code class="literal">io.Writer</code>).
+ </div><div class="para">
+ The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 5.1, “Regular error handling in Go”</a> for details.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 5.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+type Processor interface {
+ Process(buf []byte) (message string, err error)
+}
+
+type ErrorHandler interface {
+ Handle(err error)
+}
+
+func RegularError(buf []byte, processor Processor,
+ handler ErrorHandler) (message string, err error) {
+ message, err = processor.Process(buf)
+ <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ <span class="perl_Keyword">return</span>
+}
+</pre></div></div><br class="example-break" /><div class="para">
+ However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-IO">Example 5.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 5.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+func IOError(r io.Reader, buf []byte, processor Processor,
+ handler ErrorHandler) (message string, err error) {
+ n, err := r.Read(buf)
+ <span class="perl_Comment">// First check for available data.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> n > 0 {
+ message, err = processor.Process(buf[0:n])
+ <span class="perl_Comment">// Regular error handling.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ }
+ <span class="perl_Comment">// Then handle any error.</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span> <span class="perl_Keyword">if</span> err != nil {
+ handler.Handle(err)
+ <span class="perl_Keyword">return</span> <span class="perl_String">""</span>, err
+ }
+ <span class="perl_Keyword">return</span>
+}
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><strong>Prev</strong>Chapter 5. The Go Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong>5.3. Garbage Collector</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html
new file mode 100644
index 0000000..216f543
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Garbage Collector</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go-Error_Handling.html" title="5.2. Error handling" /><link rel="next" href="chap-Defensive_Coding-Vala.html" title="Chapter 6. The Vala Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handli
ng.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Garbage Collector</h2></div></div></div><div class="para">
+ Older Go releases (before Go 1.3) use a conservative garbage collector without blacklisting. This means that data blobs can cause retention of unrelated data structures because the data is conservatively interpreted as pointers. This phenomenon can be triggered accidentally on 32-bit architectures and is more likely to occur if the heap grows larger. On 64-bit architectures, it may be possible to trigger it deliberately—it is unlikely to occur spontaneously.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Prev</strong>5.2. Error handling</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong>Chapter 6. The Vala Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html
new file mode 100644
index 0000000..d2c9e47
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. The Go Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="ch04s03.html" title="4.3. Sandboxing" /><link rel="next" href="chap-Defensive_Coding-Go-Error_Handling.html" title="5.2. Error handling" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Er
ror_Handling.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></div><div class="para">
+ This chapter contains language-specific recommendations for Go.
+ </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Memory safety</h2></div></div></div><div class="para">
+ Go provides memory safety, but only if the program is not executed in parallel (that is, <code class="envar">GOMAXPROCS</code> is not larger than <code class="literal">1</code>). The reason is that interface values and slices consist of multiple words are not updated atomically. Another thread of execution can observe an inconsistent pairing between type information and stored value (for interfaces) or pointer and length (for slices), and such inconsistency can lead to a memory safety violation.
+ </div><div class="para">
+ Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics and run time.
+ </div><div class="para">
+ Keep in mind that finalization can introduce parallelism because finalizers are executed concurrently, potentially interleaved with the rest of the program.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong>4.3. Sandboxing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Next</strong>5.2. Error handling</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Java.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Java.html
index 425209d..d51c9ab 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Java.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Java.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. The Java Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. The Java Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /><link rel="next" href="sect-Defensive_Coding-Java-LowLevel.html" title="3.2. Low-level features of the virtual machine" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std.html"><strong>Prev</st
rong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Java-LowLevel.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Java" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. The Java Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span>
</dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a
href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-Java-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">3.1. The core language</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-CXX-Std-Iterators.html" title="2.2.4. Iterators" /><link rel="next" href="sect-Defensive_Coding-Java-LowLevel.html" title="3.2. Low-level features of the virtual machine" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std-Iterators.html"><strong>P
rev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Java-LowLevel.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Java" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. The Java Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a>
</span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="secti
on"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-Java-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">3.1. The core language</h2></div></div></div><div class="para">
Implementations of the Java programming language provide strong memory safety, even in the presence of data races in concurrent code. This prevents a large range of security vulnerabilities from occurring, unless certain low-level features are used; see <a class="xref" href="sect-Defensive_Coding-Java-LowLevel.html">Section 3.2, “Low-level features of the virtual machine”</a>.
</div><div class="section" id="sect-Defensive_Coding-Java-Language-ReadArray"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">3.1.1. Inceasing robustness when reading arrays</h3></div></div></div><div class="para">
External data formats often include arrays, and the data is stored as an integer indicating the number of array elements, followed by this number of elements in the file or protocol data unit. This length specified can be much larger than what is actually available in the data source.
@@ -113,4 +113,4 @@ InputStream in = <span class="perl_Keyword">new</span> BufferedInputStream(<span
The other reason mainly applies to such request dispatching loops: If you do not catch errors, the loop stops looping, resulting in a denial of service.
</div><div class="para">
However, if possible, catching errors should be coupled with a way to signal the requirement of a virtual machine restart.
- </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std.html"><strong>Prev</strong>2.2. The C++ standard library</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Java-LowLevel.html"><strong>Next</strong>3.2. Low-level features of the virtual machine</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std-Iterators.html"><strong>Prev</strong>2.2.4. Iterators</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Java-LowLevel.html"><strong>Next</strong>3.2. Low-level features of the virtual machine</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
index 8e35fef..b0a7d8f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
@@ -1,23 +1,23 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. The Python Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. The Python Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html" title="3.3.4. Re-gaining privileges" /><link rel="next" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm217625452800">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html" title="3.3.4. Re-gaining privileges" /><link rel="next" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
Python provides memory safety by default, so low-level security vulnerabilities are rare and typically needs fixing the Python interpreter or standard library itself.
</div><div class="para">
Other sections with Python-specific advice include:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 8, <em>Temporary files</em></a>
+ <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 10, <em>Temporary files</em></a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 9.1, “Safe process creation”</a>
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html">Chapter 10, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="ch10s03.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 10.3, “Library support for deserialization”</a>
+ <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html">Chapter 12, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="ch12s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="ch11s02.html#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 11.2, “Randomness”</a>
- </div></li></ul></div><div class="section" id="idm217625452800"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217625452800">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
+ <a class="xref" href="ch13s02.html#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 13.2, “Randomness”</a>
+ </div></li></ul></div><div class="section" id="idm225495658016"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225495658016">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
Some areas of the standard library, notably the <code class="literal">ctypes</code> module, do not provide memory safety guarantees comparable to the rest of Python. If such functionality is used, the advice in <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">Section 1.1, “The core language”</a> should be followed.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html"><strong>Prev</strong>3.3.4. Re-gaining privileges</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong>4.2. Run-time compilation and code generation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
index ca74981..410fb21 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Transport Layer Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 16. Transport Layer Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Netlink.html" title="12.4. AF_NETLINK authentication of origin" /><link rel="next" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><
a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm217622790960">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="p
ara">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Netlink.html" title="15.4. AF_NETLINK authentication of origin" /><link rel="next" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><
a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="p
ara">
Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and confidentiality while data is transferred over an untrusted network connection, and to identify the endpoint.
- </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.1. Common Pitfalls</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Common Pitfalls</h2></div></div></div><div class="para">
TLS implementations are difficult to use, and most of them lack a clean API design. The following sections contain implementation-specific advice, and some generic pitfalls are mentioned below.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Most TLS implementations have questionable default TLS cipher suites. Most of them enable anonymous Diffie-Hellman key exchange (but we generally want servers to authenticate themselves). Many do not disable ciphers which are subject to brute-force attacks because of restricted key lengths. Some even disable all variants of AES in the default configuration.
@@ -18,7 +18,7 @@
The name which is used in certificate validation must match the name provided by the user or configuration file. No host name canonicalization or IP address lookup must be performed.
</div></li><li class="listitem"><div class="para">
The TLS handshake has very poor performance if the TCP Nagle algorithm is active. You should switch on the <code class="literal">TCP_NODELAY</code> socket option (at least for the duration of the handshake), or use the Linux-specific <code class="literal">TCP_CORK</code> option.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 13.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 16.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">int</span> val = <span class="perl_Float">1</span>;
<span class="perl_DataType">int</span> ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, <span class="perl_Keyword">sizeof</span>(val));
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -32,8 +32,8 @@
</div></li><li class="listitem"><div class="para">
When implementing a server using event-driven programming, it is important to handle the TLS handshake properly because it includes multiple network round-trips which can block when an ordinary TCP <code class="function">accept</code> would not. Otherwise, a client which fails to complete the TLS handshake for some reason will prevent the server from handling input from other clients.
</div></li><li class="listitem"><div class="para">
- Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">Section 9.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
+ Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">Section 11.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
Some OpenSSL function use <span class="emphasis"><em>tri-state return values</em></span>. Correct error checking is extremely important. Several functions return <code class="literal">int</code> values with the following meaning:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The value <code class="literal">1</code> indicates success (for example, a successful signature verification).
@@ -44,8 +44,8 @@
</div></li></ul></div><div class="para">
Treating such tri-state return values as booleans can lead to security vulnerabilities. Note that some OpenSSL functions return boolean results or yet another set of status indicators. Each function needs to be checked individually.
</div><div class="para">
- Recovering precise error information is difficult. <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 13.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 13.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Recovering precise error information is difficult. <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 16.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">static</span> <span class="perl_DataType">void</span> __attribute__((noreturn))
ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *op, <span class="perl_DataType">int</span> ret)
{
@@ -80,10 +80,12 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
</div><div class="para">
The command line tools do not always indicate failure in the exit status of the <span class="application"><strong>openssl</strong></span> process. For instance, a verification failure in <code class="command">openssl verify</code> result in an exit status of zero.
</div><div class="para">
+ OpenSSL command-line commands, such as <code class="command">openssl genrsa</code>, do not ensure that physical entropy is used for key generation—they obtain entropy from <code class="filename">/dev/urandom</code> and other sources, but not from <code class="filename">/dev/random</code>. This can result in weak keys if the system lacks a proper entropy source (e.g., a virtual machine with solid state storage). Depending on local policies, keys generated by these OpenSSL tools should not be used in high-value, critical functions.
+ </div><div class="para">
The OpenSSL server and client applications (<code class="command">openssl s_client</code> and <code class="command">openssl s_server</code>) are debugging tools and should <span class="emphasis"><em>never</em></span> be used as generic clients. For instance, the <span class="application"><strong>s_client</strong></span> tool reacts in a surprisign way to lines starting with <code class="literal">R</code> and <code class="literal">Q</code>.
</div><div class="para">
OpenSSL allows application code to access private key material over documented interfaces. This can significantly increase the part of the code base which has to undergo security certification.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
<code class="filename">libgnutls.so.26</code> links to <code class="filename">libpthread.so.0</code>. Loading the threading library too late causes problems, so the main program should be linked with <code class="literal">-lpthread</code> as well. As a result, it can be difficult to use GNUTLS in a plugin which is loaded with the <code class="function">dlopen</code> function. Another side effect is that applications which merely link against GNUTLS (even without actually using it) may incur a substantial overhead because other libraries automatically switch to thread-safe algorithms.
</div><div class="para">
The <code class="function">gnutls_global_init</code> function must be called before using any functionality provided by the library. This function is not thread-safe, so external locking is required, but it is not clear which lock should be used. Omitting the synchronization does not just lead to a memory leak, as it is suggested in the GNUTLS documentation, but to undefined behavior because there is no barrier that would enforce memory ordering.
@@ -91,16 +93,16 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The <code class="function">gnutls_global_deinit</code> function does not actually deallocate all resources allocated by <code class="function">gnutls_global_init</code>. It is currently not thread-safe. Therefore, it is best to avoid calling it altogether.
</div><div class="para">
The X.509 implementation in GNUTLS is rather lenient. For example, it is possible to create and process X.509 version 1 certificates which carry extensions. These certificates are (correctly) rejected by other implementations.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
The Java cryptographic framework is highly modular. As a result, when you request an object implementing some cryptographic functionality, you cannot be completely sure that you end up with the well-tested, reviewed implementation in OpenJDK.
</div><div class="para">
OpenJDK (in the source code as published by Oracle) and other implementations of the Java platform require that the system administrator has installed so-called <span class="emphasis"><em>unlimited strength jurisdiction policy files</em></span>. Without this step, it is not possible to use the secure algorithms which offer sufficient cryptographic strength. Most downstream redistributors of OpenJDK remove this requirement.
</div><div class="para">
Some versions of OpenJDK use <code class="filename">/dev/random</code> as the randomness source for nonces and other random data which is needed for TLS operation, but does not actually require physical randomness. As a result, TLS applications can block, waiting for more bits to become available in <code class="filename">/dev/random</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
NSS was not designed to be used by other libraries which can be linked into applications without modifying them. There is a lot of global state. There does not seem to be a way to perform required NSS initialization without race conditions.
</div><div class="para">
If the NSPR descriptor is in an unexpected state, the <code class="function">SSL_ForceHandshake</code> function can succeed, but no TLS handshake takes place, the peer is not authenticated, and subsequent data is exchanged in the clear.
</div><div class="para">
NSS disables itself if it detects that the process underwent a <code class="function">fork</code> after the library has been initialized. This behavior is required by the PKCS#11 API specification.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Prev</strong>12.4. AF_NETLINK authentication of origin</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong>13.2. TLS Clients</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Prev</strong>15.4. AF_NETLINK authentication of origin</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong>16.2. TLS Clients</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
index c042511..89a08a8 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Cryptography</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Cryptography</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch10s05.html" title="10.5. Protocol Encoders" /><link rel="next" href="ch11s02.html" title="11.2. Randomness" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong></a></li></ul
><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm217622866992">11.1. Primitives</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Randomness</a></span></dt></dl></div><div class="section" id="idm217622866992"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217622866992">11.1. Primitives</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch12s06.html" title="12.6. Protocol Encoders" /><link rel="next" href="ch13s02.html" title="13.2. Randomness" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s06.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong></a></li></ul
><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225455032912"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225455032912">13.1. Primitives</h2></div></div></div><div class="para">
Choosing from the following cryptographic primitives is recommended:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
RSA with 2048 bit keys and OAEP
@@ -35,5 +35,5 @@
</div></li><li class="listitem"><div class="para">
HMAC-MD5
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 13, <em>Transport Layer Security</em></a>).
- </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong>10.5. Protocol Encoders</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong>11.2. Randomness</a></li></ul></body></html>
\ No newline at end of file
+ These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 16, <em>Transport Layer Security</em></a>).
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s06.html"><strong>Prev</strong>12.6. Protocol Encoders</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong>13.2. Randomness</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
index 374febe..0b30370 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. File system manipulation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. File system manipulation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="6.3. Dealing with the select limit" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="7.2. Accessing the file system as a different user" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defe
nsive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">7.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tas
ks-File_System-Features.html">7.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">7.5. Checking free space</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="8.3. Dealing with the select limit" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="9.2. Accessing the file system as a different user" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defe
nsive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tas
ks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></div><div class="para">
In this chapter, we discuss general file system manipulation, with a focus on access files and directories to which an other, potentially untrusted user has write access.
</div><div class="para">
- Temporary files are covered in their own chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 8, <em>Temporary files</em></a>.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
- Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 7.2, “Accessing the file system as a different user”</a>.
+ Temporary files are covered in their own chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 10, <em>Temporary files</em></a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
+ Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 9.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
Accessing files across trust boundaries faces several challenges, particularly if an entire directory tree is being traversed:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
@@ -38,4 +38,4 @@
There is no workaround against the instability of the file list returned by <code class="function">readdir</code>. Concurrent modification of the directory can result in a list of files being returned which never actually existed on disk.
</div><div class="para">
Hard links and symbolic links can be safely deleted using <code class="function">unlinkat</code> without further checks because deletion only affects the name within the directory tree being processed.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong>6.3. Dealing with the select limit</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong>7.2. Accessing the file system as a different user</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong>8.3. Dealing with the select limit</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong>9.2. Accessing the file system as a different user</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
index 559f51c..d2c9bdc 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Library Design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Library Design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="next" href="ch05s02.html" title="5.2. Object orientation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch05s02.html"><strong>Next</strong
></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217610107056">5.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217650952240">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217599341328">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch05s02.html">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">5.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch05s04.html">5.4. Process attributes</a></span></dt></dl></div><div class
="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="next" href="ch07s02.html" title="7.2. Object orientation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch07s02.html"><strong>Next</strong
></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></div><div class
="para">
Throught this section, the term <span class="emphasis"><em>client code</em></span> refers to applications and other libraries using the library.
- </div><div class="section" id="idm217610107056"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217610107056">5.1. State management</h2></div></div></div><div class="para">
+ </div><div class="section" id="idm225487651552"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225487651552">7.1. State management</h2></div></div></div><div class="para">
- </div><div class="section" id="idm217650952240"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217650952240">5.1.1. Global state</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225491488784"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225491488784">7.1.1. Global state</h3></div></div></div><div class="para">
Global state should be avoided.
</div><div class="para">
If this is impossible, the global state must be protected with a lock. For C/C++, you can use the <code class="function">pthread_mutex_lock</code> and <code class="function">pthread_mutex_unlock</code> functions without linking against <code class="literal">-lpthread</code> because the system provides stubs for non-threaded processes.
@@ -18,7 +18,7 @@
For compatibility with <code class="function">fork</code>, these locks should be acquired and released in helpers registered with <code class="function">pthread_atfork</code>. This function is not available without <code class="literal">-lpthread</code>, so you need to use <code class="function">dlsym</code> or a weak symbol to obtain its address.
</div><div class="para">
If you need <code class="function">fork</code> protection for other reasons, you should store the process ID and compare it to the value returned by <code class="function">getpid</code> each time you access the global state. (<code class="function">getpid</code> is not implemented as a system call and is fast.) If the value changes, you know that you have to re-create the state object. (This needs to be combined with locking, of course.)
- </div></div><div class="section" id="idm217599341328"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217599341328">5.1.2. Handles</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225448222624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225448222624">7.1.2. Handles</h3></div></div></div><div class="para">
Library state should be kept behind a curtain. Client code should receive only a handle. In C, the handle can be a pointer to an incomplete <code class="literal">struct</code>. In C++, the handle can be a pointer to an abstract base class, or it can be hidden using the pointer-to-implementation idiom.
</div><div class="para">
The library should provide functions for creating and destroying handles. (In C++, it is possible to use virtual destructors for the latter.) Consistency between creation and destruction of handles is strongly recommended: If the client code created a handle, it is the responsibility of the client code to destroy it. (This is not always possible or convenient, so sometimes, a transfer of ownership has to happen.)
@@ -26,4 +26,4 @@
Using handles ensures that it is possible to change the way the library represents state in a way that is transparent to client code. This is important to facilitate security updates and many other code changes.
</div><div class="para">
It is not always necessary to protect state behind a handle with a lock. This depends on the level of thread safety the library provides.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong>Part II. Specific Programming Tasks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch05s02.html"><strong>Next</strong>5.2. Object orientation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong>Part II. Specific Programming Tasks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch07s02.html"><strong>Next</strong>7.2. Object orientation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html
new file mode 100644
index 0000000..ca6f504
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. RPM packaging</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch13s02.html" title="13.2. Randomness" /><link rel="next" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="14.2. Generating X.509 self-signed certificates before service start" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong><
/a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
+ This chapter deals with security-related concerns around RPM packaging. It has to be read in conjunction with distribution-specific packaging guidelines.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
+ Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">Section 14.2, “Generating X.509 self-signed certificates before service start”</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The way the key is generated may not be suitable for key material of critical value. (<code class="command">openssl genrsa</code> uses, but does not require, entropy from a physical source of randomness, among other things.) Such keys should be stored in a hardware security module if possible, and generated from random bits reserved for this purpose derived from a non-deterministic physical source.
+ </div></div></div><div class="para">
+ In the spec file, we define two RPM variables which contain the names of the files used to store the private and public key, and the user name for the service:
+ </div><div class="informalexample"><pre class="programlisting">
+<span class="perl_Comment"># Name of the user owning the file with the private key</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span><span class="perl_String">%define</span> tlsuser <span class="perl_String">%</span><span class="perl_Keyword">{name}</span>
+<span class="perl_Comment"># Name of the directory which contains the key and certificate files</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span><span class="perl_String">%define</span> tlsdir <span class="perl_String">%</span><span class="perl_Keyword">{_sysconfdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>
+<span class="perl_String">%define</span> tlskey <span class="perl_String">%</span><span class="perl_Keyword">{tlsdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>.key
+<span class="perl_String">%define</span> tlscert <span class="perl_String">%</span><span class="perl_Keyword">{tlsdir}</span>/<span class="perl_String">%</span><span class="perl_Keyword">{name}</span>.crt
+</pre></div><div class="para">
+ These variables likely need adjustment based on the needs of the package.
+ </div><div class="para">
+ Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 14.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 14.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
+%post
+<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_BString">su</span> -s /bin/bash \
+ -c <span class="perl_String">"umask 077 && openssl genrsa -out %{tlskey} 2048 2>/dev/null"</span> \
+ %<span class="perl_DataType">{tlsuser}</span>
+ <span class="perl_Keyword">fi</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlscert}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Others">cn=</span><span class="perl_String">"Automatically generated certificate for the %{tlsuser} service"</span>
+ <span class="perl_Others">req_args=</span><span class="perl_String">"-key %{tlskey} -out %{tlscert} -days 7305 -subj </span><span class="perl_DataType">\"</span><span class="perl_String">/CN=</span><span class="perl_Others">$cn</span><span class="perl_String">/</span><span class="perl_DataType">\"</span><span class="perl_String">"</span>
+ <span class="perl_BString">su</span> -s /bin/bash \
+ -c <span class="perl_String">"openssl req -new -x509 -extensions usr_cert </span><span class="perl_Others">$req_args</span><span class="perl_String">"</span> \
+ %<span class="perl_DataType">{tlsuser}</span>
+ <span class="perl_Keyword">fi</span>
+<span class="perl_Keyword">fi</span>
+
+%files
+%<span class="perl_BString">dir</span> %attr<span class="perl_Keyword">(</span>0755,%<span class="perl_DataType">{tlsuser}</span>,%{tlsuser]<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlsdir}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0600,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlskey}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0644,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ The files containing the key material are marked as ghost configuration files. This ensures that they are tracked in the RPM database as associated with the package, but RPM will not create them when the package is installed and not verify their contents (the <code class="literal">%ghost</code>), or delete the files when the package is uninstalled (the <code class="literal">%config(noreplace)</code> part).
+ </div><div class="para">
+ If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 14.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 14.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
+%post
+<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Keyword">(</span><span class="perl_Reserved">umask</span> 077 <span class="perl_Keyword">&&</span> openssl genrsa -out %<span class="perl_DataType">{tlskey}</span> 2048 <span class="perl_Operator">2></span>/dev/null<span class="perl_Keyword">)</span>
+ <span class="perl_BString">chown</span> %<span class="perl_DataType">{tlsuser}</span> %<span class="perl_DataType">{tlskey}</span>
+ <span class="perl_Keyword">fi</span>
+ <span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlscert}</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Others">cn=</span><span class="perl_String">"Automatically generated certificate for the %{tlsuser} service"</span>
+ openssl req -new -x509 -extensions usr_cert \
+ -key %<span class="perl_DataType">{tlskey}</span> -out %<span class="perl_DataType">{tlscert}</span> -days 7305 -subj <span class="perl_String">"/CN=</span><span class="perl_Others">$cn</span><span class="perl_String">/"</span>
+ <span class="perl_Keyword">fi</span>
+<span class="perl_Keyword">fi</span>
+
+%files
+%<span class="perl_BString">dir</span> %attr<span class="perl_Keyword">(</span>0755,root,root]<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlsdir}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0600,%<span class="perl_DataType">{tlsuser},%{tlsuser}</span><span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlskey}</span>
+%ghost %attr<span class="perl_Keyword">(</span>0644,root,root<span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ In order for this to work, the package which generates the keys must require the <span class="application"><strong>openssl</strong></span> package. If the user which owns the key file is generated by a different package, the package generating the certificate must specify a <code class="literal">Requires(pre):</code> on the package which creates the user. This ensures that the user account will exist when it is needed for the <span class="application"><strong>su</strong></span> or <span class="application"><strong>chmod</strong></span> invocation.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong>13.2. Randomness</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong>14.2. Generating X.509 self-signed certificates b...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
index 57b165f..90d13dd 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Serialization and Deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Serialization and Deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="9.6. fork as a primitive for parallelism" /><link rel="next" href="ch10s02.html" title="10.2. Protocol design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>
Prev</strong></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensiv
e_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">10.4.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">10.4.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">10.4.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span
class="section"><a href="ch10s05.html">10.5. Protocol Encoders</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="11.6. fork as a primitive for parallelism" /><link rel="next" href="ch12s02.html" title="12.2. Protocol design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch12s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl><
/dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML pa
rsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
Protocol decoders and file format parsers are often the most-exposed part of an application because they are exposed with little or no user interaction and before any authentication and security checks are made. They are also difficult to write robustly in languages which are not memory-safe.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
For C and C++, the advice in <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a> applies. In addition, avoid non-character pointers directly into input buffers. Pointer misalignment causes crashes on some architectures.
</div><div class="para">
When reading variable-sized objects, do not allocate large amounts of data solely based on the value of a size field. If possible, grow the data structure as more data is read from the source, and stop when no data is available. This helps to avoid denial-of-service attacks where little amounts of input data results in enormous memory allocations during decoding. Alternatively, you can impose reasonable bounds on memory allocations, but some protocols do not permit this.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Prev</strong>9.6. fork as a primitive for parallelism</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong>10.2. Protocol design</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Prev</strong>11.6. fork as a primitive for parallelism</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s02.html"><strong>Next</strong>12.2. Protocol design</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
index 1d20070..d04c5f5 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Temporary directories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. Temporary directories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 8. Temporary files" /><link rel="prev" href="ch08s03.html" title="8.3. Temporary files without names" /><link rel="next" href="ch08s05.html" title="8.5. Compensating for unsafe file creation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s03.html"><strong>Prev</strong></a></li><li class="next"><a a
ccesskey="n" href="ch08s05.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.4. Temporary directories</h2></div></div></div><div class="para">
- The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="prev" href="ch10s03.html" title="10.3. Temporary files without names" /><link rel="next" href="ch10s05.html" title="10.5. Compensating for unsafe file creation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch10s05.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. Temporary directories</h2></div></div></div><div class="para">
+ The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
</div><div class="para">
When creating files in the temporary directory, use automatically generated names, e.g., derived from a sequential counter. Files with externally provided names could be picked up in unexpected contexts, and crafted names could actually point outside of the tempoary directory (due to <span class="emphasis"><em>directory traversal</em></span>).
</div><div class="para">
Removing a directory tree in a completely safe manner is complicated. Unless there are overriding performance concerns, the <span class="application"><strong>rm</strong></span> program should be used, with the <code class="option">-rf</code> and <code class="option">--</code> options.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s03.html"><strong>Prev</strong>8.3. Temporary files without names</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch08s05.html"><strong>Next</strong>8.5. Compensating for unsafe file creation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html"><strong>Prev</strong>10.3. Temporary files without names</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s05.html"><strong>Next</strong>10.5. Compensating for unsafe file creation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
index 4dc7366..c867811 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="7.5. Checking free space" /><link rel="next" href="ch08s02.html" title="8.2. Named temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong>
</a></li><li class="next"><a accesskey="n" href="ch08s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch08s02.html">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch08s03.html">8.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch08s05.html">8.5. Compensating for unsafe file creation</a></span></dt></dl></div><div class="p
ara">
- In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that a safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-File_System.html">Chapter 7, <em>File system manipulation</em></a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="9.5. Checking free space" /><link rel="next" href="ch10s02.html" title="10.2. Named temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong
></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation</a></span></dt></dl></div><div c
lass="para">
+ In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-File_System.html">Chapter 9, <em>File system manipulation</em></a>.
</div><div class="para">
Secure creation of temporary files has four different aspects.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="ch09s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 9.3.1, “Accessing environment variables”</a>).
+ The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>).
</div></li><li class="listitem"><div class="para">
A new file must be created. Reusing an existing file must be avoided (the <code class="filename">/tmp</code> race condition). This is tricky because traditionally, system-wide temporary directories shared by all users are used.
</div></li><li class="listitem"><div class="para">
@@ -22,7 +22,7 @@
All functions mentioned below will take care of these aspects.
</div><div class="para">
Traditionally, temporary files are often used to reduce memory usage of programs. More and more systems use RAM-based file systems such as <code class="literal">tmpfs</code> for storing temporary files, to increase performance and decrease wear on Flash storage. As a result, spooling data to temporary files does not result in any memory savings, and the related complexity can be avoided if the data is kept in process memory.
- </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
Some functions below need the location of a directory which stores temporary files. For C/C++ programs, use the following steps to obtain that directory:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> to obtain the value of the <code class="literal">TMPDIR</code> environment variable. If it is set, convert the path to a fully-resolved absolute path, using <code class="literal">realpath(path, NULL)</code>. Check if the new path refers to a directory and is writeable. In this case, use it as the temporary directory.
@@ -32,4 +32,4 @@
In Python, you can use the <code class="varname">tempfile.tempdir</code> variable.
</div><div class="para">
Java does not support SUID/SGID programs, so you can use the <code class="function">java.lang.System.getenv(String)</code> method to obtain the value of the <code class="literal">TMPDIR</code> environment variable, and follow the two steps described above. (Java's default directory selection does not honor <code class="literal">TMPDIR</code>.)
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong>7.5. Checking free space</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch08s02.html"><strong>Next</strong>8.2. Named temporary files</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong>9.5. Checking free space</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong>10.2. Named temporary files</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html
new file mode 100644
index 0000000..dc00323
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. The Vala Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="5.3. Garbage Collector" /><link rel="next" href="pt02.html" title="Part II. Specific Programming Tasks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Prev</strong></a></li><li clas
s="next"><a accesskey="n" href="pt02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Vala Programming Language</h2></div></div></div><div class="para">
+ Vala is a programming language mainly targeted at GNOME developers.
+ </div><div class="para">
+ Its syntax is inspired by C# (and thus, indirectly, by Java). But unlike C# and Java, Vala does not attempt to provide memory safety: Vala is compiled to C, and the C code is compiled with GCC using typical compiler flags. Basic operations like integer arithmetic are directly mapped to C constructs. As a results, the recommendations in <a class="xref" href="chap-Defensive_Coding-C.html">Chapter 1, <em>The C Programming Language</em></a> apply.
+ </div><div class="para">
+ In particular, the following Vala language constructs can result in undefined behavior at run time:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Integer arithmetic, as described in <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Pointer arithmetic, string subscripting and the <code class="literal">substring</code> method on strings (the <code class="literal">string</code> class in the <code class="literal">glib-2.0</code> package) are not range-checked. It is the responsibility of the calling code to ensure that the arguments being passed are valid. This applies even to cases (like <code class="literal">substring</code>) where the implementation would have range information to check the validity of indexes. See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Similarly, Vala only performs garbage collection (through reference counting) for <code class="literal">GObject</code> values. For plain C pointers (such as strings), the programmer has to ensure that storage is deallocated once it is no longer needed (to avoid memory leaks), and that storage is not being deallocated while it is still being used (see <a class="xref" href="sect-Defensive_Coding-C-Allocators.html#sect-Defensive_Coding-C-Use-After-Free">Section 1.3.1.1, “Use-after-free errors”</a>).
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Prev</strong>5.3. Garbage Collector</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt02.html"><strong>Next</strong>Part II. Specific Programming Tasks</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
index 32f3767..2e3e451 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Defensive Coding</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><meta name="description" content="This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Defensive Coding</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><meta name="description" content="This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="next" href="pt01.html" title="Part I. Programming Languages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="idm217621944128" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" t
ext-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm217621944128" class="title">Defensive Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition </p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="next" href="pt01.html" title="Part I. Programming Languages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="idm225473330416" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" t
ext-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225473330416" class="title">Defensive Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm217650700208" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
- Copyright <span class="trademark"></span>© 2012 Red Hat, Inc.
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225459923200" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2012-2014 Red Hat, Inc.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
</div><div class="para">
@@ -31,4 +31,4 @@
All other trademarks are the property of their respective owners.
</div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.
- </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="pt01.html">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C stand
ard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm217614761120">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a hr
ef="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="ch01s03s04.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217609231952">2.1.1. Array allocation with <code
class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217629800976">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217609919680">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#idm217623779280">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.htm
l#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_
Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust
in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm217625452800">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="pt02.html">II. Specific Programming Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">5. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217610107056">5.1.
State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217650952240">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217599341328">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch05s02.html">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">5.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch05s04.html">5.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">6. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217651037600">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm21
7622290176">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217615274224">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217617186816">6.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">6.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">7. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Un
owned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">7.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Features.html">7.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">7.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">8. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="sec
tion"><a href="ch08s02.html">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch08s03.html">8.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch08s05.html">8.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">9. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217610205904">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-
Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217621505504">9.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch09s02.html">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch09s03.html">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch09s03.html#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a><
/span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">9.4. Daemons</a></span></dt><dt><span class="section"><a href="ch09s05.html">9.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">10. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Library support for deserialization</a></span></dt><dt><span class="secti
on"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">10.4.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">10.4.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">10.4.6. Using Qt for XML
parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch10s05.html">10.5. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">11. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm217622866992">11.1. Primitives</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Randomness</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="pt03.html">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">12. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Codi
ng-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">12.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">13. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive
_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm217622790960">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href=
"sect-Defensive_Coding-TLS-Client-NSS.html">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-UEFI_Secure_Boot_Guide-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong>Part I. Programming Languages</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="pt01.html">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals"
>1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.ht
ml">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Languag
e">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="se
ct-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. R
esource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><d
t><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm22
5495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">6. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="pt02.html">II. Specific Programming Tasks</a></span></dt
><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">8. File Descriptor Management</a></span></dt
><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class
="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">10. Temporary files</a></sp
an></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href
="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="c
h11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations f
or manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.ht
ml">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">13. Cry
ptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="pt03.html">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">15. Authentication
and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Co
ding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect
-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-Defensive_Coding-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong>Part I. Programming Languages</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
index 90f24e4..7438708 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part I. Programming Languages</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part I. Programming Languages</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="index.html" title="Defensive Coding" /><link rel="next" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next
</strong></a></li></ul><div class="part" id="idm217621940624"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></
dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm217614761120">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">all
oca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="ch01s03s04.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="se
ction"><a href="chap-Defensive_Coding-CXX.html#idm217609231952">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217629800976">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm217609919680">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#idm217623779280">2.2.1. Containers and <code class="literal">operator[]</code></a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programmin
g Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt>
<dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="sec
tion"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm217625452800">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Defensive Coding</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="
h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next</strong>Chapter 1. The C Programming Language</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="index.html" title="Defensive Coding" /><link rel="next" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next
</strong></a></li></ul><div class="part" id="idm225473328864"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></
dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related funct
ions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl>
<dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functio
ns">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="sectio
n"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ja
va-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Languag
e</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">6. The Vala Programming Language</a></span></dt
></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Defensive Coding</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next</strong>Chapter 1. The C Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
index 8f0a105..3894293 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part II. Specific Programming Tasks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part II. Specific Programming Tasks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="ch04s03.html" title="4.3. Sandboxing" /><link rel="next" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 5. Library Design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Lib
rary_Design.html"><strong>Next</strong></a></li></ul><div class="part" id="idm217610281072"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">5. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217610107056">5.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217650952240">5.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm217599341328">5.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch05s02.html">5.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ta
sks-Library_Design-Callbacks.html">5.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch05s04.html">5.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">6. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217651037600">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217622290176">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217615274224">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217617186816">6.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptor
s-Child_Processes.html">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">6.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">7. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">7.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">7.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">7.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Features.html">7.4. Fi
le system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">7.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">8. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">8.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch08s02.html">8.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch08s03.html">8.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">8.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch08s05.html">8.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defe
nsive_Coding-Tasks-Processes.html">9. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217610205904">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217621505504">9.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processe
s.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch09s02.html">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch09s03.html">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch09s03.html#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">9.4. Daemons</a></span></dt><dt><span class="section"><a href="ch09s05.html">9.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a hre
f="chap-Defensive_Coding-Tasks-Serialization.html">10. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">10.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Protocol design</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">10.4. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">10.4.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">10.4.2. Entity expansion</a></span></dt><dt><span class="section"><a
href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">10.4.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">10.4.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">10.4.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">10.4.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">10.4.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch10s05.html">10.5. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">11. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-
Defensive_Coding-Tasks-Cryptography.html#idm217622866992">11.1. Primitives</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Randomness</a></span></dt></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong>4.3. Sandboxing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong>Chapter 5. Library Design</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="chap-Defensive_Coding-Vala.html" title="Chapter 6. The Vala Programming Language" /><link rel="next" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong></a></li><li cla
ss="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225447908000"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span>
</dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">8. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span
class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href
="sect-Defensive_Coding-Tasks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation
</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span>
</dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a
primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ta
sks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span clas
s="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_
Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong>Chapter 6. The Vala Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong>Chapter 7. Library Design</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
index fc1c99c..8284d1f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part III. Implementing Security Features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Part III. Implementing Security Features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="ch11s02.html" title="11.2. Randomness" /><link rel="next" href="chap-Defensive_Coding-Authentication.html" title="Chapter 12. Authentication and Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Co
ding-Authentication.html"><strong>Next</strong></a></li></ul><div class="part" id="idm217599891712"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">12. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">12.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">12.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">12.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">12.4. <c
ode class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">13. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">13.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">13.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">13.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">13.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">13.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defe
nsive_Coding-TLS-Client.html">13.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm217622790960">13.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">13.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">13.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">13.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">13.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong>11.2. Randomness</a></li><li class="up"><a accesskey="u" href="#"><
strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong>Chapter 12. Authentication and Authorization</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="14.2. Generating X.509 self-signed certificates before service start" /><link rel="next" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225465981328"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.h
tml">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-De
fensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div></div><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong>14.2. Generating X.509 self-signed certificates b...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong>Chapter 15. Authentication and Authorization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
index 3ee4323..fa4bea8 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Host-based authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.2. Host-based authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 12. Authentication and Authorization" /><link rel="prev" href="chap-Defensive_Coding-Authentication.html" title="Chapter 12. Authentication and Authorization" /><link rel="next" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="12.3. UNIX domain socket authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.2. Host-based authentication</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="next" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="15.3. UNIX domain socket authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Host-based authentication</h2></div></div></div><div class="para">
Host-based authentication uses access control lists (ACLs) to accept or deny requests from clients. Thsis authentication method comes in two flavors: IP-based (or, more generally, address-based) and name-based (with the name coming from DNS or <code class="filename">/etc/hosts</code>). IP-based ACLs often use prefix notation to extend access to entire subnets. Name-based ACLs sometimes use wildcards for adding groups of hosts (from entire DNS subtrees). (In the SSH context, host-based authentication means something completely different and is not covered in this section.)
</div><div class="para">
Host-based authentication trust the network and may not offer sufficient granularity, so it has to be considered a weak form of authentication. On the other hand, IP-based authentication can be made extremely robust and can be applied very early in input processing, so it offers an opportunity for significantly reducing the number of potential attackers for many services.
@@ -18,4 +18,4 @@
Similarly, if an address or name is not matched by the list, it should be denied. However, many implementations behave differently, so the actual behavior must be documented properly.
</div><div class="para">
IPv6 addresses can embed IPv4 addresses. There is no universally correct way to deal with this ambiguity. The behavior of the ACL implementation should be documented.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong>Chapter 12. Authentication and Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong>12.3. UNIX domain socket authentication</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong>Chapter 15. Authentication and Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong>15.3. UNIX domain socket authentication</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
index da411f6..75346fa 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.4. AF_NETLINK authentication of origin</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.4. AF_NETLINK authentication of origin</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 12. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="12.3. UNIX domain socket authentication" /><link rel="next" href="chap-Defensive_Coding-TLS.html" title="Chapter 13. Transport Layer Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="15.3. UNIX domain socket authentication" /><link rel="next" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
Netlink messages are used as a high-performance data transfer mechanism between the kernel and the userspace. Traditionally, they are used to exchange information related to the network statck, such as routing table entries.
</div><div class="para">
When processing Netlink messages from the kernel, it is important to check that these messages actually originate from the kernel, by checking that the port ID (or PID) field <code class="literal">nl_pid</code> in the <code class="literal">sockaddr_nl</code> structure is <code class="literal">0</code>. (This structure can be obtained using <code class="function">recvfrom</code> or <code class="function">recvmsg</code>, it is different from the <code class="literal">nlmsghdr</code> structure.) The kernel does not prevent other processes from sending unicast Netlink messages, but the <code class="literal">nl_pid</code> field in the sender's socket address will be non-zero in such cases.
</div><div class="para">
Applications should not use <code class="literal">AF_NETLINK</code> sockets as an IPC mechanism among processes, but prefer UNIX domain sockets for this tasks.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong>12.3. UNIX domain socket authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong>Chapter 13. Transport Layer Security</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong>15.3. UNIX domain socket authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong>Chapter 16. Transport Layer Security</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
index cc75d69..f8fbf4c 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. UNIX domain socket authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.3. UNIX domain socket authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 12. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Host_based.html" title="12.2. Host-based authentication" /><link rel="next" href="sect-Defensive_Coding-Authentication-Netlink.html" title="12.4. AF_NETLINK authentication of origin" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Host_based.html" title="15.2. Host-based authentication" /><link rel="next" href="sect-Defensive_Coding-Authentication-Netlink.html" title="15.4. AF_NETLINK authentication of origin" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
UNIX domain sockets (with address family <code class="literal">AF_UNIX</code> or <code class="literal">AF_LOCAL</code>) are restricted to the local host and offer a special authentication mechanism: credentials passing.
</div><div class="para">
Nowadays, most systems support the <code class="literal">SO_PEERCRED</code> (Linux) or <code class="literal">LOCAL_PEERCRED</code> (FreeBSD) socket options, or the <code class="function">getpeereid</code> (other BSDs, MacOS X). These interfaces provide direct access to the (effective) user ID on the other end of a domain socket connect, without cooperation from the other end.
@@ -14,4 +14,4 @@
Historically, credentials passing was implemented using ancillary data in the <code class="function">sendmsg</code> and <code class="function">recvmsg</code> functions. On some systems, only credentials data that the peer has explicitly sent can be received, and the kernel checks the data for correctness on the sending side. This means that both peers need to deal with ancillary data. Compared to that, the modern interfaces are easier to use. Both sets of interfaces vary considerably among UNIX-like systems, unfortunately.
</div><div class="para">
If you want to authenticate based on supplementary groups, you should obtain the user ID using one of these methods, and look up the list of supplementary groups using <code class="function">getpwuid</code> (or <code class="function">getpwuid_r</code>) and <code class="function">getgrouplist</code>. Using the PID and information from <code class="filename">/proc/PID/status</code> is prone to race conditions and insecure.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong>12.2. Host-based authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong>12.4. AF_NETLINK authentication of origin</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong>15.2. Host-based authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong>15.4. AF_NETLINK authentication of origin</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Arrays.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Arrays.html
index 3e48d2b..599cccd 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Arrays.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Arrays.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3. Array allocation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3. Array allocation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /><link rel="next" href="ch01s03s04.html" title="1.3.4. Custom memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocato
rs-alloca.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s03s04.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-C-Allocators-Arrays"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.3. Array allocation</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /><link rel="next" href="sect-Defensive_Coding-C-Allocators-Custom.html" title="1.3.4. Custom memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Defensive_Coding-C-Allocators-alloca.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-Custom.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-C-Allocators-Arrays"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.3. Array allocation</h3></div></div></div><div class="para">
When allocating arrays, it is important to check for overflows. The <code class="function">calloc</code> function performs such checks.
</div><div class="para">
- If <code class="function">malloc</code> or <code class="function">realloc</code> is used, the size check must be written manually. For instance, to allocate an array of <code class="literal">n</code> elements of type <code class="literal">T</code>, check that the requested size is not greater than <code class="literal">n / sizeof(T)</code>. See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Prev</strong>1.3.2. alloca and other forms of stack-based allo...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch01s03s04.html"><strong>Next</strong>1.3.4. Custom memory allocators</a></li></ul></body></html>
\ No newline at end of file
+ If <code class="function">malloc</code> or <code class="function">realloc</code> is used, the size check must be written manually. For instance, to allocate an array of <code class="literal">n</code> elements of type <code class="literal">T</code>, check that the requested size is not greater than <code class="literal">((size_t) -1) / sizeof(T)</code>. See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Prev</strong>1.3.2. alloca and other forms of stack-based allo...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-Custom.html"><strong>Next</strong>1.3.4. Custom memory allocators</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Custom.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Custom.html
new file mode 100644
index 0000000..8f4448a
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-Custom.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.4. Custom memory allocators</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-Arrays.html" title="1.3.3. Array allocation" /><link rel="next" href="ch01s03s05.html" title="1.3.5. Conservative garbage collection" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Arrays.html"><strong>P
rev</strong></a></li><li class="next"><a accesskey="n" href="ch01s03s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-C-Allocators-Custom"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.4. Custom memory allocators</h3></div></div></div><div class="para">
+ Custom memory allocates come in two forms: replacements for <code class="function">malloc</code>, and completely different interfaces for memory management. Both approaches can reduce the effectiveness of <span class="application"><strong>valgrind</strong></span> and similar tools, and the heap corruption detection provided by GNU libc, so they should be avoided.
+ </div><div class="para">
+ Memory allocators are difficult to write and contain many performance and security pitfalls.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ When computing array sizes or rounding up allocation requests (to the next allocation granularity, or for alignment purposes), checks for arithmetic overflow are required.
+ </div></li><li class="listitem"><div class="para">
+ Size computations for array allocations need overflow checking. See <a class="xref" href="sect-Defensive_Coding-C-Allocators-Arrays.html">Section 1.3.3, “Array allocation”</a>.
+ </div></li><li class="listitem"><div class="para">
+ It can be difficult to beat well-tuned general-purpose allocators. In micro-benchmarks, pool allocators can show huge wins, and size-specific pools can reduce internal fragmentation. But often, utilization of individual pools is poor, and external fragmentation increases the overall memory usage.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Arrays.html"><strong>Prev</strong>1.3.3. Array allocation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch01s03s05.html"><strong>Next</strong>1.3.5. Conservative garbage collection</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-alloca.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-alloca.html
index e3ccfbb..6a533f1 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-alloca.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators-alloca.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.2. alloca and other forms of stack-based allocation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.2. alloca and other forms of stack-based allocation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
index ff29699..aad968a 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
@@ -1,23 +1,23 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Memory allocators</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Memory allocators</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /><link rel="prev" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm217614761120"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217614761120">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /><link rel="prev" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225470719360"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
The C library interfaces for memory allocation are provided by <code class="function">malloc</code>, <code class="function">free</code> and <code class="function">realloc</code>, and the <code class="function">calloc</code> function. In addition to these generic functions, there are derived functions such as <code class="function">strdup</code> which perform allocation using <code class="function">malloc</code> internally, but do not return untyped heap memory (which could be used for any object).
</div><div class="para">
The C compiler knows about these functions and can use their expected behavior for optimizations. For instance, the compiler assumes that an existing pointer (or a pointer derived from an existing pointer by arithmetic) will not point into the memory area returned by <code class="function">malloc</code>.
</div><div class="para">
If the allocation fails, <code class="function">realloc</code> does not free the old pointer. Therefore, the idiom <code class="literal">ptr = realloc(ptr, size);</code> is wrong because the memory pointed to by <code class="literal">ptr</code> leaks in case of an error.
- </div><div class="section" id="idm217617402064"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217617402064">1.3.1.1. Use-after-free errors</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-C-Use-After-Free"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.3.1.1. Use-after-free errors</h4></div></div></div><div class="para">
After <code class="function">free</code>, the pointer is invalid. Further pointer dereferences are not allowed (and are usually detected by <span class="application"><strong>valgrind</strong></span>). Less obvious is that any <span class="emphasis"><em>use</em></span> of the old pointer value is not allowed, either. In particular, comparisons with any other pointer (or the null pointer) are undefined according to the C standard.
</div><div class="para">
The same rules apply to <code class="function">realloc</code> if the memory area cannot be enlarged in-place. For instance, the compiler may assume that a comparison between the old and new pointer will always return false, so it is impossible to detect movement this way.
- </div></div><div class="section" id="idm217619665680"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217619665680">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225452479120"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225452479120">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
Recovering from out-of-memory errors is often difficult or even impossible. In these cases, <code class="function">malloc</code> and other allocation functions return a null pointer. Dereferencing this pointer lead to a crash. Such dereferences can even be exploitable for code execution if the dereference is combined with an array subscript.
</div><div class="para">
- In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 10.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
+ In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.html"><strong>Prev</strong>1.2.3.7. Other strn* and stpn* functions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong>1.3.2. alloca and other forms of stack-based allo...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
index 3f6e1a4..9ab4e9f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.2. Functions to avoid</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.2. Functions to avoid</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -21,15 +21,15 @@
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">alloca</code> ⟶ <code class="function">malloc</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strdupa</code> ⟶ <code class="function">strdup</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strndupa</code> ⟶ <code class="function">strndup</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">Section 9.1.2, “Bypassing the shell”</a>)
+ <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">Section 11.1.2, “Bypassing the shell”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>)
+ <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Libc.html"><strong>Prev</strong>1.2. The C standard library</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-String-Functions-Length.html"><strong>Next</strong>1.2.3. String Functions With Explicit Length Argu...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncat.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncat.html
index a398b34..abcf550 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncat.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncat.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.4. strncat</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.4. strncat</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -9,7 +9,7 @@
</script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-Libc-strncpy.html" title="1.2.3.3. strncpy" /><link rel="next" href="ch01s02s03s05.html" title="1.2.3.5. strlcpy and strlcat" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Libc-st
rncpy.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-C-Libc-strncat"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.4. <code class="function">strncat</code></h4></div></div></div><div class="para">
The length argument of the <code class="function">strncat</code> function specifies the maximum number of characters copied from the source buffer, excluding the terminating NUL character. This means that the required number of bytes in the destination buffer is the length of the original string, plus the length argument in the <code class="function">strncat</code> call, plus one. Consequently, this function is rarely appropriate for performing a length-checked string operation, with the notable exception of the <code class="function">strcpy</code> emulation described in <a class="xref" href="sect-Defensive_Coding-C-Libc-strncpy.html">Section 1.2.3.3, “<code class="function">strncpy</code>”</a>.
</div><div class="para">
- To implement a length-checked string append, you can use an approach similar to <a class="xref" href="sect-Defensive_Coding-C-String-Functions-Length.html#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.4, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a>:
+ To implement a length-checked string append, you can use an approach similar to <a class="xref" href="sect-Defensive_Coding-C-String-Functions-Length.html#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.6, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a>:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[<span class="perl_Float">10</span>];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"%s"</span>, prefix);
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncpy.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncpy.html
index 9f36bb8..f77771e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncpy.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-strncpy.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.3. strncpy</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.3. strncpy</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -16,5 +16,5 @@ buf[<span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</
Another approach uses the <code class="function">strncat</code> function for this purpose:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
buf[0] = '\0';
-strncpy(buf, data, <span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</span>);
+strncat(buf, data, <span class="perl_Keyword">sizeof</span>(buf) - <span class="perl_Float">1</span>);
</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Libc-vsnprintf.html"><strong>Prev</strong>1.2.3.2. vsnprintf and format strings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Libc-strncat.html"><strong>Next</strong>1.2.3.4. strncat</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-vsnprintf.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-vsnprintf.html
index 9f0a672..17d7d3d 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-vsnprintf.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc-vsnprintf.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.2. vsnprintf and format strings</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.2. vsnprintf and format strings</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -7,8 +7,8 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
</script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="next" href="sect-Defensive_Coding-C-Libc-strncpy.html" title="1.2.3.3. strncpy" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Defensive_Coding-C-String-Functions-Length.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Libc-strncpy.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-C-Libc-vsnprintf"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.2. <code class="literal">vsnprintf</code> and format strings</h4></div></div></div><div class="para">
- If you use <code class="function">vsnprintf</code> (or <code class="function">vasprintf</code> or even <code class="function">snprintf</code>) with a format string which is not a constant, but a function argument, it is important to annotate the function with a <code class="literal">format</code> function attribute, so that GCC can warn about misuse of your function (see <a class="xref" href="sect-Defensive_Coding-C-Libc-vsnprintf.html#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.5, “The <code class="literal">format</code> function attribute”</a>).
- </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-format-Attribute"><h6>Example 1.5. The <code class="literal">format</code> function attribute</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you use <code class="function">vsnprintf</code> (or <code class="function">vasprintf</code> or even <code class="function">snprintf</code>) with a format string which is not a constant, but a function argument, it is important to annotate the function with a <code class="literal">format</code> function attribute, so that GCC can warn about misuse of your function (see <a class="xref" href="sect-Defensive_Coding-C-Libc-vsnprintf.html#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.7, “The <code class="literal">format</code> function attribute”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-format-Attribute"><h6>Example 1.7. The <code class="literal">format</code> function attribute</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">void</span> log_format(<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *format, ...) __attribute__((format(printf, <span class="perl_Float">1</span>, <span class="perl_Float">2</span>)));
<span class="perl_DataType">void</span>
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc.html
index a71dbfb..c26c35b 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Libc.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. The C standard library</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. The C standard library</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Other.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Other.html
index 2a671c0..7d39378 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Other.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Other.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Other C-related topics</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Other C-related topics</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -13,7 +13,7 @@
</div><div class="para">
At the minimum, you should apply these attributes:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- If you wrap function which accepts are GCC-recognized format string (for example, a <code class="function">printf</code>-style function used for logging), you should add a suitable <code class="literal">format</code> attribute, as in <a class="xref" href="sect-Defensive_Coding-C-Libc-vsnprintf.html#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.5, “The <code class="literal">format</code> function attribute”</a>.
+ If you wrap function which accepts are GCC-recognized format string (for example, a <code class="function">printf</code>-style function used for logging), you should add a suitable <code class="literal">format</code> attribute, as in <a class="xref" href="sect-Defensive_Coding-C-Libc-vsnprintf.html#ex-Defensive_Coding-C-String-Functions-format-Attribute">Example 1.7, “The <code class="literal">format</code> function attribute”</a>.
</div></li><li class="listitem"><div class="para">
If you wrap a function which carries a <code class="literal">warn_unused_result</code> attribute and you propagate its return value, your wrapper should be declared with <code class="literal">warn_unused_result</code> as well.
</div></li><li class="listitem"><div class="para">
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-String-Functions-Length.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-String-Functions-Length.html
index 4dff84b..2a37448 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-String-Functions-Length.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-String-Functions-Length.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3. String Functions With Explicit Length Arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3. String Functions With Explicit Length Arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
@@ -16,8 +16,8 @@ snprintf(fraction, <span class="perl_Keyword">sizeof</span>(fraction), <span cla
</pre></div><div class="para">
The second argument to the <code class="function">snprintf</code> call should always be the size of the buffer in the first argument (which should be a character array). Elaborate pointer and length arithmetic can introduce errors and nullify the security benefits of <code class="function">snprintf</code>.
</div><div class="para">
- In particular, <code class="literal">snprintf</code> is not well-suited to constructing a string iteratively, by appending to an existing buffer. <code class="function">snprintf</code> returns one of two values, <code class="literal">-1</code> on errors, or the number of characters which <span class="emphasis"><em>would have been written to the buffer if the buffer were large enough</em></span>. This means that adding the result of <code class="function">snprintf</code> to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument is not zero, the buffer will remain NUL-terminated. <a class="xref" href="sect-Defensive_Coding-C-String-Functions-Length.html#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.4, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a> works because <code class="literal">end -current > 0</code> is a loop invariant. After the l
oop, the result string is in the <code class="varname">buf</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-snprintf-incremental"><h6>Example 1.4. Repeatedly writing to a buffer using <code class="function">snprintf</code></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In particular, <code class="literal">snprintf</code> is not well-suited to constructing a string iteratively, by appending to an existing buffer. <code class="function">snprintf</code> returns one of two values, <code class="literal">-1</code> on errors, or the number of characters which <span class="emphasis"><em>would have been written to the buffer if the buffer were large enough</em></span>. This means that adding the result of <code class="function">snprintf</code> to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument is not zero, the buffer will remain NUL-terminated. <a class="xref" href="sect-Defensive_Coding-C-String-Functions-Length.html#ex-Defensive_Coding-C-String-Functions-snprintf-incremental">Example 1.6, “Repeatedly writing to a buffer using <code class="function">snprintf</code>”</a> works because <code class="literal">end -current > 0</code> is a loop invariant. After the l
oop, the result string is in the <code class="varname">buf</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-C-String-Functions-snprintf-incremental"><h6>Example 1.6. Repeatedly writing to a buffer using <code class="function">snprintf</code></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[<span class="perl_Float">512</span>];
<span class="perl_DataType">char</span> *current = buf;
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> end = buf + <span class="perl_Keyword">sizeof</span>(buf);
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Iterators.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Iterators.html
new file mode 100644
index 0000000..46c7931
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Iterators.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2.4. Iterators</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /><link rel="prev" href="sect-Defensive_Coding-CXX-Std-Subscript.html" title="2.2.3. Containers and operator[]" /><link rel="next" href="chap-Defensive_Coding-Java.html" title="Chapter 3. The Java Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std
-Subscript.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Java.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-CXX-Std-Iterators"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.4. Iterators</h3></div></div></div><div class="para">
+ Iterators do not perform any bounds checking. Therefore, all functions that work on iterators should accept them in pairs, denoting a range, and make sure that iterators are not moved outside that range. For forward iterators and bidirectional iterators, you need to check for equality before moving the first or last iterator in the range. For random-access iterators, you need to compute the difference before adding or subtracting an offset. It is not possible to perform the operation and check for an invalid operator afterwards.
+ </div><div class="para">
+ Output iterators cannot be compared for equality. Therefore, it is impossible to write code that detects that it has been supplied an output area that is too small, and their use should be avoided.
+ </div><div class="para">
+ These issues make some of the standard library functions difficult to use correctly, see <a class="xref" href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators">Section 2.2.1.1, “Unpaired iterators”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std-Subscript.html"><strong>Prev</strong>2.2.3. Containers and operator[]</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Java.html"><strong>Next</strong>Chapter 3. The Java Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-String.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-String.html
new file mode 100644
index 0000000..e2f8580
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-String.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2.2. String handling with std::string</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /><link rel="prev" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /><link rel="next" href="sect-Defensive_Coding-CXX-Std-Subscript.html" title="2.2.3. Containers and operator[]" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std.html"><s
trong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-Subscript.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-CXX-Std-String"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.2. String handling with <code class="literal">std::string</code></h3></div></div></div><div class="para">
+ The <code class="literal">std::string</code> class provides a convenient way to handle strings. Unlike C strings, <code class="literal">std::string</code> objects have an explicit length (and can contain embedded NUL characters), and storage for its characters is managed automatically. This section discusses <code class="literal">std::string</code>, but these observations also apply to other instances of the <code class="literal">std::basic_string</code> template.
+ </div><div class="para">
+ The pointer returned by the <code class="function">data()</code> member function does not necessarily point to a NUL-terminated string. To obtain a C-compatible string pointer, use <code class="function">c_str()</code> instead, which adds the NUL terminator.
+ </div><div class="para">
+ The pointers returned by the <code class="function">data()</code> and <code class="function">c_str()</code> functions and iterators are only valid until certain events happen. It is required that the exact <code class="literal">std::string</code> object still exists (even if it was initially created as a copy of another string object). Pointers and iterators are also invalidated when non-const member functions are called, or functions with a non-const reference parameter. The behavior of the GCC implementation deviates from that required by the C++ standard if multiple threads are present. In general, only the first call to a non-const member function after a structural modification of the string (such as appending a character) is invalidating, but this also applies to member function such as the non-const version of <code class="function">begin()</code>, in violation of the C++ standard.
+ </div><div class="para">
+ Particular care is necessary when invoking the <code class="function">c_str()</code> member function on a temporary object. This is convenient for calling C functions, but the pointer will turn invalid as soon as the temporary object is destroyed, which generally happens when the outermost expression enclosing the expression on which <code class="function">c_str()</code> is called completes evaluation. Passing the result of <code class="function">c_str()</code> to a function which does not store or otherwise leak that pointer is safe, though.
+ </div><div class="para">
+ Like with <code class="literal">std::vector</code> and <code class="literal">std::array</code>, subscribing with <code class="literal">operator[]</code> does not perform bounds checks. Use the <code class="function">at(size_type)</code> member function instead. See <a class="xref" href="sect-Defensive_Coding-CXX-Std-Subscript.html">Section 2.2.3, “Containers and <code class="literal">operator[]</code>”</a>. Furthermore, accessing the terminating NUL character using <code class="literal">operator[]</code> is not possible. (In some implementations, the <code class="literal">c_str()</code> member function writes the NUL character on demand.)
+ </div><div class="para">
+ Never write to the pointers returned by <code class="function">data()</code> or <code class="function">c_str()</code> after casting away <code class="literal">const</code>. If you need a C-style writable string, use a <code class="literal">std::vector<char></code> object and its <code class="function">data()</code> member function. In this case, you have to explicitly add the terminating NUL character.
+ </div><div class="para">
+ GCC's implementation of <code class="literal">std::string</code> is currently based on reference counting. It is expected that a future version will remove the reference counting, due to performance and conformance issues. As a result, code that implicitly assumes sharing by holding to pointers or iterators for too long will break, resulting in run-time crashes or worse. On the other hand, non-const iterator-returning functions will no longer give other threads an opportunity for invalidating existing iterators and pointers because iterator invalidation does not depend on sharing of the internal character array object anymore.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std.html"><strong>Prev</strong>2.2. The C++ standard library</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-Subscript.html"><strong>Next</strong>2.2.3. Containers and operator[]</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Subscript.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Subscript.html
new file mode 100644
index 0000000..9897107
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std-Subscript.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2.3. Containers and operator[]</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /><link rel="prev" href="sect-Defensive_Coding-CXX-Std-String.html" title="2.2.2. String handling with std::string" /><link rel="next" href="sect-Defensive_Coding-CXX-Std-Iterators.html" title="2.2.4. Iterators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std-String.
html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-Iterators.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-CXX-Std-Subscript"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.3. Containers and <code class="literal">operator[]</code></h3></div></div></div><div class="para">
+ Many sequence containers similar to <code class="literal">std::vector</code> provide both <code class="literal">operator[](size_type)</code> and a member function <code class="literal">at(size_type)</code>. This applies to <code class="literal">std::vector</code> itself, <code class="literal">std::array</code>, <code class="literal">std::string</code> and other instances of <code class="literal">std::basic_string</code>.
+ </div><div class="para">
+ <code class="literal">operator[](size_type)</code> is not required by the standard to perform bounds checking (and the implementation in GCC does not). In contrast, <code class="literal">at(size_type)</code> must perform such a check. Therefore, in code which is not performance-critical, you should prefer <code class="literal">at(size_type)</code> over <code class="literal">operator[](size_type)</code>, even though it is slightly more verbose.
+ </div><div class="para">
+ The <code class="literal">front()</code> and <code class="literal">back()</code> member functions are undefined if a vector object is empty. You can use <code class="literal">vec.at(0)</code> and <code class="literal">vec.at(vec.size() - 1)</code> as checked replacements. For an empty vector, <code class="literal">data()</code> is defined; it returns an arbitrary pointer, but not necessarily the NULL pointer.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-CXX-Std-String.html"><strong>Prev</strong>2.2.2. String handling with std::string</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-Iterators.html"><strong>Next</strong>2.2.4. Iterators</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std.html
index b1b473e..747b0f3 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-CXX-Std.html
@@ -1,15 +1,51 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. The C++ standard library</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. The C++ standard library</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-CXX.html" title="Chapter 2. The C++ Programming Language" /><link rel="prev" href="chap-Defensive_Coding-CXX.html" title="Chapter 2. The C++ Programming Language" /><link rel="next" href="chap-Defensive_Coding-Java.html" title="Chapter 3. The Java Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-CXX.ht
ml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Java.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Std" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.2. The C++ standard library</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-CXX.html" title="Chapter 2. The C++ Programming Language" /><link rel="prev" href="chap-Defensive_Coding-CXX.html" title="Chapter 2. The C++ Programming Language" /><link rel="next" href="sect-Defensive_Coding-CXX-Std-String.html" title="2.2.2. String handling with std::string" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Codin
g-CXX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-String.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Std" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.2. The C++ standard library</h2></div></div></div><div class="para">
The C++ standard library includes most of its C counterpart by reference, see <a class="xref" href="sect-Defensive_Coding-C-Libc.html">Section 1.2, “The C standard library”</a>.
- </div><div class="section" id="idm217623779280"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217623779280">2.2.1. Containers and <code class="literal">operator[]</code></h3></div></div></div><div class="para">
- Many containers similar to <code class="literal">std::vector</code> provide both <code class="literal">operator[](size_type)</code> and a member function <code class="literal">at(size_type)</code>. This applies to <code class="literal">std::vector</code> itself, <code class="literal">std::array</code>, <code class="literal">std::string</code> and other instances of <code class="literal">std::basic_string</code>.
- </div><div class="para">
- <code class="literal">operator[](size_type)</code> is not required by the standard to perform bounds checking (and the implementation in GCC does not). In contrast, <code class="literal">at(size_type)</code> must perform such a check. Therefore, in code which is not performance-critical, you should prefer <code class="literal">at(size_type)</code> over <code class="literal">operator[](size_type)</code>, even though it is slightly more verbose.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-CXX.html"><strong>Prev</strong>Chapter 2. The C++ Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Java.html"><strong>Next</strong>Chapter 3. The Java Programming Language</a></li></ul></body></html>
\ No newline at end of file
+ </div><div class="section" id="sect-Defensive_Coding-CXX-Std-Functions"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">2.2.1. Functions that are difficult to use</h3></div></div></div><div class="para">
+ This section collects functions and function templates which are part of the standard library and are difficult to use.
+ </div><div class="section" id="sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">2.2.1.1. Unpaired iterators</h4></div></div></div><div class="para">
+ Functions which use output operators or iterators which do not come in pairs (denoting ranges) cannot perform iterator range checking. (See <a class="xref" href="sect-Defensive_Coding-CXX-Std-Iterators.html">Section 2.2.4, “Iterators”</a>) Function templates which involve output iterators are particularly dangerous:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">std::copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::copy_backward</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::move</code> (three-argument variant)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::move_backward</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::partition_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::remove_copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::remove_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::replace_copy</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::replace_copy_if</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::swap_ranges</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::transform</code>
+ </div></li></ul></div><div class="para">
+ In addition, <code class="function">std::copy_n</code>, <code class="function">std::fill_n</code> and <code class="function">std::generate_n</code> do not perform iterator checking, either, but there is an explicit count which has to be supplied by the caller, as opposed to an implicit length indicator in the form of a pair of forward iterators.
+ </div><div class="para">
+ These output-iterator-expecting functions should only be used with unlimited-range output iterators, such as iterators obtained with the <code class="function">std::back_inserter</code> function.
+ </div><div class="para">
+ Other functions use single input or forward iterators, which can read beyond the end of the input range if the caller is not careful:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">std::equal</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::is_permutation</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">std::mismatch</code>
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-CXX.html"><strong>Prev</strong>Chapter 2. The C++ Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std-String.html"><strong>Next</strong>2.2.2. String handling with std::string</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-JNI.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-JNI.html
index 7a19b4d..6f5a992 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-JNI.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-JNI.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2. Java Native Interface (JNI)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2. Java Native Interface (JNI)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-LowLevel.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-LowLevel.html
index 41ee17c..062da90 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-LowLevel.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-LowLevel.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Low-level features of the virtual machine</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Low-level features of the virtual machine</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-MiscUnsafe.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-MiscUnsafe.html
index 3bc0c67..82dfec9 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-MiscUnsafe.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-MiscUnsafe.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3. sun.misc.Unsafe</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3. sun.misc.Unsafe</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Activate.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Activate.html
index d5934f8..795312f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Activate.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Activate.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.2. Activating the security manager</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.2. Activating the security manager</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Privileged.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Privileged.html
index d8e1886..3472301 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Privileged.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Privileged.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.4. Re-gaining privileges</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.4. Re-gaining privileges</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html
index 566cc02..53979ac 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.3. Reducing trust in code</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.3. Reducing trust in code</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager.html
index 47ff56b..5a9c607 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Java-SecurityManager.html
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Interacting with the security manager</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Interacting with the security manager</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
index 00cf506..b185d78 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
@@ -1,22 +1,22 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2.2. Implementation TLS Clients With GNUTLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.2. Implementation TLS Clients With GNUTLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="13.2.3. Implementing TLS Clients With OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="16.2.3. Implementing TLS Clients With OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
This section describes how to implement a TLS client with full certificate validation (but without certificate revocation checking). Note that the error handling in is only exploratory and needs to be replaced before production use.
</div><div class="para">
The GNUTLS library needs explicit initialization:
</div><div class="informalexample" id="ex-Defensive_Coding-TLS-GNUTLS-Init"><pre xml:lang="en-US" class="programlisting" lang="en-US">
gnutls_global_init();
</pre></div><div class="para">
- Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 13.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
+ Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 16.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
</div><div class="para">
- Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 13.9, “Initializing a GNUTLS credentials structure”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 13.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 16.9, “Initializing a GNUTLS credentials structure”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 16.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Load the trusted CA certificates.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_certificate_credentials_t cred = NULL;
<span class="perl_DataType">int</span> ret = gnutls_certificate_allocate_credentials (&cred);
@@ -47,8 +47,8 @@ gnutls_certificate_free_credentials(cred);
</pre></div><div class="para">
During its lifetime, the credentials object can be used to initialize TLS session objects from multiple threads, provided that it is not changed.
</div><div class="para">
- Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 13.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 13.10, “Establishing a TLS client connection using GNUTLS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 13.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 16.10, “Establishing a TLS client connection using GNUTLS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 16.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_session_t session;
ret = gnutls_init(&session, GNUTLS_CLIENT);
@@ -94,8 +94,8 @@ ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS,
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 13.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 13.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 16.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 16.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Obtain the server certificate chain. The server certificate</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// itself is stored in the first element of the array.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">unsigned</span> certslen = 0;
@@ -133,8 +133,8 @@ ret = gnutls_certificate_verify_peers2(session, &status);
}
}
</pre></div></div><br class="example-break" /><div class="para">
- In the next step (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 13.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 13.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the next step (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 16.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 16.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Match the peer certificate against the host name.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// We can only obtain a set of DER-encoded certificates from the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// session object, so we have to re-parse the peer certificate into</span><span class="perl_Comment"></span>
@@ -162,8 +162,8 @@ gnutls_x509_crt_deinit(cert);
</pre></div></div><br class="example-break" /><div class="para">
In newer GNUTLS versions, certificate checking and host name validation can be combined using the <code class="function">gnutls_certificate_verify_peers3</code> function.
</div><div class="para">
- An established TLS session can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 13.13, “Using a GNUTLS session”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 13.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ An established TLS session can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 16.13, “Using a GNUTLS session”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 16.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
ret = gnutls_record_send(session, buf, strlen(buf));
@@ -177,8 +177,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 13.14, “Using a GNUTLS session”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 13.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 16.14, “Using a GNUTLS session”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 16.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Initiate an orderly connection shutdown.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -187,4 +187,4 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
<span class="perl_Comment">// Free the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_deinit(session);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><strong>Prev</strong>13.2. TLS Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong>13.2.3. Implementing TLS Clients With OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><strong>Prev</strong>16.2. TLS Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong>16.2.3. Implementing TLS Clients With OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
index 72996f6..e50b019 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2.4. Implementing TLS Clients With NSS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.4. Implementing TLS Clients With NSS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="13.2.3. Implementing TLS Clients With OpenJDK" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-Python.html" title="13.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="16.2.3. Implementing TLS Clients With OpenJDK" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-Python.html" title="16.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
The following code shows how to implement a simple TLS client using NSS. These instructions apply to NSS version 3.14 and later. Versions before 3.14 need different initialization code.
</div><div class="para">
Keep in mind that the error handling needs to be improved before the code can be used in production.
</div><div class="para">
- Using NSS needs several header files, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Includes">Example 13.21, “Include files for NSS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 13.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Using NSS needs several header files, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Includes">Example 16.21, “Include files for NSS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 16.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// NSPR include files</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Others">#include <prerror.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#include <prinit.h></span><span class="perl_Others"></span>
@@ -28,10 +28,10 @@
<span class="perl_Comment"></span><span class="perl_Comment">// NSPR handle.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>NSPR_API(PRFileDesc*) PR_ImportTCPSocket(<span class="perl_DataType">int</span>);
</pre></div></div><br class="example-break" /><div class="para">
- Initializing the NSS library is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Init">Example 13.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
+ Initializing the NSS library is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Init">Example 16.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
</div><div class="para">
The simplest way to configured the trusted root certificates involves loading the <code class="filename">libnssckbi.so</code> NSS module with a call to the <code class="function">SECMOD_LoadUserModule</code> function. The root certificates are compiled into this module. (The PEM module for NSS, <code class="filename">libnsspem.so</code>, offers a way to load trusted CA certificates from a file.)
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 13.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 16.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
NSSInitContext *<span class="perl_DataType">const</span> ctx =
NSS_InitContext(<span class="perl_String">"sql:/etc/pki/nssdb"</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, NULL,
@@ -95,12 +95,12 @@ SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
SECMOD_DestroyModule(module);
NSS_ShutdownContext(ctx);
</pre></div><div class="para">
- After NSS has been initialized, the TLS connection can be created (<a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 13.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
+ After NSS has been initialized, the TLS connection can be created (<a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 16.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
</div><div class="para">
The call to <code class="function">SSL_BadCertHook</code> can be omitted if no mechanism to override certificate verification is needed. The <code class="literal">bad_certificate</code> function must check both the host name specified for the connection and the certificate before granting the override.
</div><div class="para">
Triggering the actual handshake requires three function calls, <code class="function">SSL_ResetHandshake</code>, <code class="function">SSL_SetURL</code>, and <code class="function">SSL_ForceHandshake</code>. (If <code class="function">SSL_ResetHandshake</code> is omitted, <code class="function">SSL_ForceHandshake</code> will succeed, but the data will not be encrypted.) During the handshake, the certificate is verified and matched against the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 13.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 16.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Wrap the POSIX file descriptor. This is an internal NSPR</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// function, but it is very unlikely to change.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);
@@ -176,8 +176,8 @@ sockfd = <span class="perl_DecVal">-1</span>; <span class="perl_Comment">// Has
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the connection has been established, <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Use">Example 13.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 13.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the connection has been established, <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Use">Example 16.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 16.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
PRInt32 ret = PR_Write(nspr, buf, strlen(buf));
@@ -195,8 +195,8 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 13.25, “Closing NSS client connections”</a> shows how to close the connection.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 13.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 16.25, “Closing NSS client connections”</a> shows how to close the connection.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 16.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Keyword">if</span> (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) {
<span class="perl_DataType">const</span> PRErrorCode err = PR_GetError();
@@ -206,4 +206,4 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
}
<span class="perl_Comment">// Closes the underlying POSIX file descriptor, too.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PR_Close(nspr);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong>13.2.3. Implementing TLS Clients With OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong>13.2.5. Implementing TLS Clients With Python</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong>16.2.3. Implementing TLS Clients With OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong>16.2.5. Implementing TLS Clients With Python</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
index a7ce20a..f5aaf15 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2.3. Implementing TLS Clients With OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.3. Implementing TLS Clients With OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="13.2.2. Implementation TLS Clients With GNUTLS" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="13.2.4. Implementing TLS Clients With NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="16.2.2. Implementation TLS Clients With GNUTLS" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="16.2.4. Implementing TLS Clients With NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
The examples below use the following cryptographic-related classes:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> java.security.NoSuchAlgorithmException;
@@ -24,8 +24,8 @@
</pre></div><div class="para">
If compatibility with OpenJDK 6 is required, it is necessary to use the internal class <code class="literal">sun.security.util.HostnameChecker</code>. (The public OpenJDK API does not provide any support for dissecting the subject distinguished name of an X.509 certificate, so a custom-written DER parser is needed—or we have to use an internal class, which we do below.) In OpenJDK 7, the <code class="function">setEndpointIdentificationAlgorithm</code> method was added to the <code class="literal">javax.net.ssl.SSLParameters</code> class, providing an official way to implement host name checking.
</div><div class="para">
- TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 13.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 13.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 16.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 16.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the context. Specify the SunJSSE provider to avoid</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// picking up third-party providers. Try the TLS 1.2 provider</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// first, then fall back to TLS 1.0.</span><span class="perl_Comment"></span>
@@ -47,8 +47,8 @@
}
ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>);
</pre></div></div><br class="example-break" /><div class="para">
- In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 13.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 13.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 16.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 16.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Prepare TLS parameters. These have to applied to every TLS</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// socket before the handshake is triggered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLParameters params = ctx.<span class="perl_Function">getDefaultSSLParameters</span>();
@@ -77,8 +77,8 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div><div class="para">
All application protocols can use the <code class="literal">"HTTPS"</code> algorithm. (The algorithms have minor differences with regard to wildcard handling, which should not matter in practice.)
</div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 13.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 13.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 16.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 16.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the socket and connect it at the TCP layer.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLSocket socket = (SSLSocket) ctx.<span class="perl_Function">getSocketFactory</span>()
.<span class="perl_Function">createSocket</span>(host, port);
@@ -102,18 +102,18 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div></div><br class="example-break" /><div class="para">
Starting with OpenJDK 7, the last lines can be omitted, provided that host name verification has been enabled by calling the <code class="function">setEndpointIdentificationAlgorithm</code> method on the <code class="literal">params</code> object (before it was applied to the socket).
</div><div class="para">
- The TLS socket can be used as a regular socket, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 13.18, “Using a TLS client socket in OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 13.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The TLS socket can be used as a regular socket, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 16.18, “Using a TLS client socket in OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 16.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
socket.<span class="perl_Function">getOutputStream</span>().<span class="perl_Function">write</span>(<span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>
.<span class="perl_Function">getBytes</span>(Charset.<span class="perl_Function">forName</span>(<span class="perl_String">"UTF-8"</span>)));
<span class="perl_DataType">byte</span>[] buffer = <span class="perl_Keyword">new</span> <span class="perl_DataType">byte</span>[<span class="perl_Float">4096</span>];
<span class="perl_DataType">int</span> count = socket.<span class="perl_Function">getInputStream</span>().<span class="perl_Function">read</span>(buffer);
System.<span class="perl_Function">out</span>.<span class="perl_Function">write</span>(buffer, <span class="perl_Float">0</span>, count);
-</pre></div></div><br class="example-break" /><div class="section" id="idm217606415744"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm217606415744">13.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /><div class="section" id="idm225459110736"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225459110736">16.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
Overriding certificate validation requires a custom trust manager. With OpenJDK 6, the trust manager lacks information about the TLS session, and to which server the connection is made. Certificate overrides have to be tied to specific servers (host names). Consequently, different <code class="literal">TrustManager</code> and <code class="literal">SSLContext</code> objects have to be used for different servers.
</div><div class="para">
- In the trust manager shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 13.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 13.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the trust manager shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 16.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 16.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> MyTrustManager <span class="perl_Keyword">implements</span> X509TrustManager {
<span class="perl_Keyword">private</span> <span class="perl_DataType">final</span> <span class="perl_DataType">byte</span>[] certHash;
@@ -147,8 +147,8 @@ System.<span class="perl_Function">out</span>.<span class="perl_Function">write<
}
}
</pre></div></div><br class="example-break" /><div class="para">
- This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 13.20, “Using a custom TLS trust manager with OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 13.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 16.20, “Using a custom TLS trust manager with OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 16.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSLContext ctx;
<span class="perl_Keyword">try</span> {
ctx = SSLContext.<span class="perl_Function">getInstance</span>(<span class="perl_String">"TLSv1.2"</span>, <span class="perl_String">"SunJSSE"</span>);
@@ -169,4 +169,4 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
When certificate overrides are in place, host name verification should not be performed because there is no security requirement that the host name in the certificate matches the host name used to establish the connection (and it often will not). However, without host name verification, it is not possible to perform transparent fallback to certification validation using the system certificate store.
</div><div class="para">
The approach described above works with OpenJDK 6 and later versions. Starting with OpenJDK 7, it is possible to use a custom subclass of the <code class="literal">javax.net.ssl.X509ExtendedTrustManager</code> class. The OpenJDK TLS implementation will call the new methods, passing along TLS session information. This can be used to implement certificate overrides as a fallback (if certificate or host name verification fails), and a trust manager object can be used for multiple servers because the server address is available to the trust manager.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong>13.2.2. Implementation TLS Clients With GNUTLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong>13.2.4. Implementing TLS Clients With NSS</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong>16.2.2. Implementation TLS Clients With GNUTLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong>16.2.4. Implementing TLS Clients With NSS</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
index e140757..52f96a2 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2.5. Implementing TLS Clients With Python</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.5. Implementing TLS Clients With Python</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="13.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="13.2.4. Implementing TLS Clients With NSS" /><link rel="next" href="appe-UEFI_Secure_Boot_Guide-Revision_History.html" title="Appendix A. Revision History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-
Client-NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-UEFI_Secure_Boot_Guide-Revision_History.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
- The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">Section 13.1.1, “OpenSSL Pitfalls”</a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="16.2.4. Implementing TLS Clients With NSS" /><link rel="next" href="appe-Defensive_Coding-Revision_History.html" title="Appendix A. Revision History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client
-NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
+ The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">Section 16.1.1, “OpenSSL Pitfalls”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Currently, most Python function which accept <code class="literal">https://</code> URLs or otherwise implement HTTPS support do not perform certificate validation at all. (For example, this is true for the <code class="literal">httplib</code> and <code class="literal">xmlrpclib</code> modules.) If you use HTTPS, you should not use the built-in HTTP clients. The <code class="literal">Curl</code> class in the <code class="literal">curl</code> module, as provided by the <code class="literal">python-pycurl</code> package implements proper certificate validation.
</div></div></div><div class="para">
- The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 13.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 13.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 16.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 16.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">def</span> check_host_name<span class="perl_Char">(peercert</span>, name<span class="perl_Char">):</span>
<span class="perl_Comment">"""Simple certificate/host name checker. Returns True if the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment"> certificate matches, False otherwise. Does not support</span><span class="perl_Comment"></span>
@@ -37,7 +37,7 @@
<span class="perl_Keyword">return</span> cn <span class="perl_Char">==</span> name
<span class="perl_Keyword">return</span> <span class="perl_Others">False</span>
</pre></div></div><br class="example-break" /><div class="para">
- To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 13.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
+ To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 16.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="literal">ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</code> selects relatively strong cipher suites with certificate-based authentication. (The call to <code class="function">check_host_name</code> function provides additional protection against anonymous cipher suites.)
</div></li><li class="listitem"><div class="para">
@@ -48,7 +48,7 @@
<code class="literal">ca_certs='/etc/ssl/certs/ca-bundle.crt'</code> initializes the certificate store with a set of trusted root CAs. Unfortunately, it is necessary to hard-code this path into applications because the default path in OpenSSL is not available through the Python <code class="literal">ssl</code> module.
</div></li></ul></div><div class="para">
The <code class="literal">ssl</code> module (and OpenSSL) perform certificate validation, but the certificate must be compared manually against the host name, by calling the <code class="function">check_host_name</code> defined above.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 13.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 16.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock <span class="perl_Char">=</span> ssl.wrap_socket<span class="perl_Char">(sock</span>,
ciphers<span class="perl_Char">=</span><span class="perl_String">"HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</span>,
ssl_version<span class="perl_Char">=ssl</span>.PROTOCOL_TLSv1,
@@ -66,4 +66,4 @@ sock.write<span class="perl_Char">(</span><span class="perl_String">"GET / HTTP/
Closing the TLS socket is straightforward as well:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock.close<span class="perl_Char">()</span>
-</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Prev</strong>13.2.4. Implementing TLS Clients With NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-UEFI_Secure_Boot_Guide-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Prev</strong>16.2.4. Implementing TLS Clients With NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
index caab2db..275ad5a 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. TLS Clients</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2. TLS Clients</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-TLS.html" title="Chapter 13. Transport Layer Security" /><link rel="prev" href="chap-Defensive_Coding-TLS.html" title="Chapter 13. Transport Layer Security" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="13.2.2. Implementation TLS Clients With GNUTLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_C
oding-TLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.2. TLS Clients</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /><link rel="prev" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="16.2.2. Implementation TLS Clients With GNUTLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_C
oding-TLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. TLS Clients</h2></div></div></div><div class="para">
Secure use of TLS in a client generally involves all of the following steps. (Individual instructions for specific TLS implementations follow in the next sections.)
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The client must configure the TLS library to use a set of trusted root certificates. These certificates are provided by the system in <code class="filename">/etc/ssl/certs</code> or files derived from it.
@@ -22,11 +22,11 @@
It is safe to provide users detailed diagnostics on certificate validation failures. Other causes of handshake failures and, generally speaking, any details on other errors reported by the TLS implementation (particularly exception tracebacks), must not be divulged in ways that make them accessible to potential attackers. Otherwise, it is possible to create decryption oracles.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Depending on the application, revocation checking (against certificate revocations lists or via OCSP) and session resumption are important aspects of production-quality client. These aspects are not yet covered.
- </div></div></div><div class="section" id="idm217622790960"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217622790960">13.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225494367168"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
In the following code, the error handling is only exploratory. Proper error handling is required for production use, especially in libraries.
</div><div class="para">
- The OpenSSL library needs explicit initialization (see <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 13.3, “OpenSSL library initialization”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 13.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The OpenSSL library needs explicit initialization (see <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 16.3, “OpenSSL library initialization”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 16.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// The following call prints an error message and calls exit() if</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// the OpenSSL configuration file is unreadable.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>OPENSSL_config(NULL);
@@ -35,8 +35,8 @@
<span class="perl_Comment">// Register ciphers.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL_library_init();
</pre></div></div><br class="example-break" /><div class="para">
- After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 13.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 13.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 16.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Configure a client connection context. Send a hendshake for the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// highest supported TLS version, and disable compression.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">const</span> SSL_METHOD *<span class="perl_DataType">const</span> req_method = SSLv23_client_method();
@@ -105,12 +105,12 @@ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
</pre></div></div><br class="example-break" /><div class="para">
A single context object can be used to create multiple connection objects. It is safe to use the same <code class="literal">SSL_CTX</code> object for creating connections concurrently from multiple threads, provided that the <code class="literal">SSL_CTX</code> object is not modified (e.g., callbacks must not be changed).
</div><div class="para">
- After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 13.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 13.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 13.2, “Obtaining OpenSSL error codes”</a> is called.
+ After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> is called.
</div><div class="para">
The <code class="function">certificate_validity_override</code> function provides an opportunity to override the validity of the certificate in case the OpenSSL check fails. If such functionality is not required, the call can be removed, otherwise, the application developer has to implement it.
</div><div class="para">
The host name passed to the functions <code class="function">SSL_set_tlsext_host_name</code> and <code class="function">X509_check_host</code> must be the name that was passed to <code class="function">getaddrinfo</code> or a similar name resolution function. No host name canonicalization must be performed. The <code class="function">X509_check_host</code> function used in the final step for host name matching is currently only implemented in OpenSSL 1.1, which is not released yet. In case host name matching fails, the function <code class="function">certificate_host_name_override</code> is called. This function should check user-specific certificate store, to allow a connection even if the host name does not match the certificate. This function has to be provided by the application developer. Note that the override must be keyed by both the certificate <span class="emphasis"><em>and</em></span> the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 13.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 16.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the connection object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL *ssl = SSL_new(ctx);
<span class="perl_Keyword">if</span> (ssl == NULL) {
@@ -161,8 +161,8 @@ SSL_set_fd(ssl, sockfd);
X509_free(peercert);
</pre></div></div><br class="example-break" /><div class="para">
- The connection object can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 13.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 13.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The connection object can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 16.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 16.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> req = <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>;
<span class="perl_Keyword">if</span> (SSL_write(ssl, req, strlen(req)) < 0) {
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_write"</span>, ret);
@@ -173,8 +173,8 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_read"</span>, ret);
}
</pre></div></div><br class="example-break" /><div class="para">
- When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 13.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 13.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 16.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 16.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send the close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = SSL_shutdown(ssl);
<span class="perl_Keyword">switch</span> (ret) {
@@ -200,7 +200,7 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
SSL_free(ssl);
close(sockfd);
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 13.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 13.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 16.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 16.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSL_CTX_free(ctx);
-</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-TLS.html"><strong>Prev</strong>Chapter 13. Transport Layer Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong>13.2.2. Implementation TLS Clients With GNUTLS</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-TLS.html"><strong>Prev</strong>Chapter 16. Transport Layer Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong>16.2.2. Implementation TLS Clients With GNUTLS</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
index 32c0bfe..e27def6 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Preventing file descriptor leaks to child processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Preventing file descriptor leaks to child processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 6. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 6. File Descriptor Management" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="6.3. Dealing with the select limit" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p
" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="8.3. Dealing with the select limit" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p
" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
Child processes created with <code class="function">fork</code> share the initial set of file descriptors with their parent process. By default, file descriptors are also preserved if a new process image is created with <code class="function">execve</code> (or any of the other functions such as <code class="function">system</code> or <code class="function">posix_spawn</code>).
</div><div class="para">
Usually, this behavior is not desirable. There are two ways to turn it off, that is, to prevent new process images from inheriting the file descriptors in the parent process:
@@ -19,7 +19,7 @@
</div></li><li class="listitem"><div class="para">
After calling <code class="function">fork</code>, but before creating a new process image with <code class="function">execve</code>, all file descriptors which the child process will not need are closed.
</div><div class="para">
- Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 6.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
+ Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
</div></li></ul></div><div class="para">
At present, environments which care about file descriptor leakage implement the second approach. OpenJDK 6 and 7 are among them.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong>Chapter 6. File Descriptor Management</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong>6.3. Dealing with the select limit</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong>Chapter 8. File Descriptor Management</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong>8.3. Dealing with the select limit</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
index 1d357ff..3217d4f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Dealing with the select limit</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Dealing with the select limit</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 6. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="6.2. Preventing file descriptor leaks to child processes" /><link rel="next" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="8.2. Preventing file descriptor leaks to child processes" /><link rel="next" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
By default, a user is allowed to open only 1024 files in a single process, but the system administrator can easily change this limit (which is necessary for busy network servers). However, there is another restriction which is more difficult to overcome.
</div><div class="para">
The <code class="function">select</code> function only supports a maximum of <code class="literal">FD_SETSIZE</code> file descriptors (that is, the maximum permitted value for a file descriptor is <code class="literal">FD_SETSIZE - 1</code>, usually 1023.) If a process opens many files, descriptors may exceed such limits. It is impossible to query such descriptors using <code class="function">select</code>.
@@ -26,4 +26,4 @@
Close <code class="literal">fd</code> and continue to use <code class="literal">newfd</code>.
</div></li></ul></div><div class="para">
The new descriptor has been allocated above the <code class="literal">FD_SETSIZE</code>. Even though this algorithm is racy in the sense that the <code class="literal">FD_SETSIZE</code> first descriptors could fill up, a very high degree of physical parallelism is required before this becomes a problem.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong>6.2. Preventing file descriptor leaks to child pr...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong>Chapter 7. File system manipulation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong>8.2. Preventing file descriptor leaks to child pr...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong>Chapter 9. File system manipulation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
index 74fd3e4..3417132 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. File Descriptor Management</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. File Descriptor Management</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch05s04.html" title="5.4. Process attributes" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="6.2. Preventing file descriptor leaks to child processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch05s04.html"><strong>Prev</strong></a></li>
<li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217651037600">6.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217622290176">6.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217615274224">6.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm217617186816">6.1.3. Lingering state after close</a></span></dt><
/dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">6.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">6.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch07s04.html" title="7.4. Process attributes" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="8.2. Preventing file descriptor leaks to child processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s04.html"><strong>Prev</strong></a></li>
<li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt><
/dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></div><div class="para">
File descriptors underlie all input/output mechanisms offered by the system. They are used to implementation the <code class="literal">FILE *</code>-based functions found in <code class="literal"><stdio.h></code>, and all the file and network communication facilities provided by the Python and Java environments are eventually implemented in them.
</div><div class="para">
File descriptors are small, non-negative integers in userspace, and are backed on the kernel side with complicated data structures which can sometimes grow very large.
- </div><div class="section" id="idm217651037600"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217651037600">6.1. Closing descriptors</h2></div></div></div><div class="para">
- If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 6.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
- </div><div class="section" id="idm217622290176"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217622290176">6.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225440737696"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440737696">8.1. Closing descriptors</h2></div></div></div><div class="para">
+ If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
+ </div><div class="section" id="idm225454974624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225454974624">8.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
The <code class="function">close</code> system call is always successful in the sense that the passed file descriptor is never valid after the function has been called. However, <code class="function">close</code> still can return an error, for example if there was a file system failure. But this error is not very useful because the absence of an error does not mean that all caches have been emptied and previous writes have been made durable. Programs which need such guarantees must open files with <code class="literal">O_SYNC</code> or use <code class="literal">fsync</code> or <code class="literal">fdatasync</code>, and may also have to <code class="literal">fsync</code> the directory containing the file.
- </div></div><div class="section" id="idm217615274224"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217615274224">6.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225452561072"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452561072">8.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
Unlike process IDs, which are recycle only gradually, the kernel always allocates the lowest unused file descriptor when a new descriptor is created. This means that in a multi-threaded program which constantly opens and closes file descriptors, descriptors are reused very quickly. Unless descriptor closing and other operations on the same file descriptor are synchronized (typically, using a mutex), there will be race coniditons and I/O operations will be applied to the wrong file descriptor.
</div><div class="para">
Sometimes, it is necessary to close a file descriptor concurrently, while another thread might be about to use it in a system call. In order to support this, a program needs to create a single special file descriptor, one on which all I/O operations fail. One way to achieve this is to use <code class="function">socketpair</code>, close one of the descriptors, and call <code class="literal">shutdown(fd, SHUTRDWR)</code> on the other.
@@ -22,7 +22,7 @@
When a descriptor is closed concurrently, the program does not call <code class="function">close</code> on the descriptor. Instead it program uses <code class="function">dup2</code> to replace the descriptor to be closed with the dummy descriptor created earlier. This way, the kernel will not reuse the descriptor, but it will carry out all other steps associated with calling a descriptor (for instance, if the descriptor refers to a stream socket, the peer will be notified).
</div><div class="para">
This is just a sketch, and many details are missing. Additional data structures are needed to determine when it is safe to really close the descriptor, and proper locking is required for that.
- </div></div><div class="section" id="idm217617186816"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217617186816">6.1.3. Lingering state after close</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225462035824"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225462035824">8.1.3. Lingering state after close</h3></div></div></div><div class="para">
By default, closing a stream socket returns immediately, and the kernel will try to send the data in the background. This means that it is impossible to implement accurate accounting of network-related resource utilization from userspace.
</div><div class="para">
The <code class="literal">SO_LINGER</code> socket option alters the behavior of <code class="function">close</code>, so that it will return only after the lingering data has been processed, either by sending it to the peer successfully, or by discarding it after the configured timeout. However, there is no interface which could perform this operation in the background, so a separate userspace thread is needed for each <code class="function">close</code> call, causing scalability issues.
@@ -30,4 +30,4 @@
Currently, there is no application-level countermeasure which applies universally. Mitigation is possible with <span class="application"><strong>iptables</strong></span> (the <code class="literal">connlimit</code> match type in particular) and specialized filtering devices for denial-of-service network traffic.
</div><div class="para">
These problems are not related to the <code class="literal">TIME_WAIT</code> state commonly seen in <span class="application"><strong>netstat</strong></span> output. The kernel automatically expires such sockets if necessary.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch05s04.html"><strong>Prev</strong>5.4. Process attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong>6.2. Preventing file descriptor leaks to child pr...</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s04.html"><strong>Prev</strong>7.4. Process attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong>8.2. Preventing file descriptor leaks to child pr...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
index 6d95ea5..f0af83f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. File system features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.4. File system features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="7.3. File system limits" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="7.5. Checking free space" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-De
fensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.4. File system features</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="9.3. File system limits" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="9.5. Checking free space" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-De
fensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. File system features</h2></div></div></div><div class="para">
Not all file systems support all features. This makes it very difficult to write general-purpose tools for copying files. For example, a copy operation intending to preserve file permissions will generally fail when copying to a FAT file system.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Some file systems are case-insensitive. Most should be case-preserving, though.
@@ -32,4 +32,4 @@
Locking semantics vary among file systems. This affects advisory and mandatory locks. For example, some network file systems do not allow deleting files which are opened by any process.
</div></li><li class="listitem"><div class="para">
Resolution of time stamps varies from two seconds to nanoseconds. Not all time stamps are available on all file systems. File creation time (<span class="emphasis"><em>birth time</em></span>) is not exposed over the <code class="function">stat</code>/<code class="function">fstat</code> interface, even if stored by the file system.
- </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong>7.3. File system limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong>7.5. Checking free space</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong>9.3. File system limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong>9.5. Checking free space</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
index 67d5336..efb9dde 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Accessing the file system as a different user</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Accessing the file system as a different user</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /><link rel="prev" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="7.3. File system limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-D
efensive_Coding-Tasks-File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
- This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 7.2, “Accessing the file system as a different user”</a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="9.3. File system limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-D
efensive_Coding-Tasks-File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
+ This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 9.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
One approach is to spawn a child process which runs under the target user and group IDs (both effective and real IDs). Note that this child process can block indefinitely, even when processing regular files only. For example, a special FUSE file system could cause the process to hang in uninterruptible sleep inside a <code class="function">stat</code> system call.
</div><div class="para">
An existing process could change its user and group ID using <code class="function">setfsuid</code> and <code class="function">setfsgid</code>. (These functions are preferred over <code class="function">seteuid</code> and <code class="function">setegid</code> because they do not allow the impersonated user to send signals to the process.) These functions are not thread safe. In multi-threaded processes, these operations need to be performed in a single-threaded child process. Unexpected blocking may occur as well.
</div><div class="para">
It is not recommended to try to reimplement the kernel permission checks in user space because the required checks are complex. It is also very difficult to avoid race conditions during path name resolution.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Prev</strong>Chapter 7. File system manipulation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong>7.3. File system limits</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Prev</strong>Chapter 9. File system manipulation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong>9.3. File system limits</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
index 0b471c6..b0a0642 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.5. Checking free space</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.5. Checking free space</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="7.4. File system features" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 8. Temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-De
fensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.5. Checking free space</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="9.4. File system features" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-D
efensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.5. Checking free space</h2></div></div></div><div class="para">
The <code class="function">statvfs</code> and <code class="function">fstatvfs</code> functions allow programs to examine the number of available blocks and inodes, through the members <code class="literal">f_bfree</code>, <code class="literal">f_bavail</code>, <code class="literal">f_ffree</code>, and <code class="literal">f_favail</code> of <code class="literal">struct statvfs</code>. Some file systems return fictional values in the <code class="literal">f_ffree</code> and <code class="literal">f_favail</code> fields, so the only reliable way to discover if the file system still has space for a file is to try to create it. The <code class="literal">f_bfree</code> field should be reasonably accurate, though.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong>7.4. File system features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong>Chapter 8. Temporary files</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong>9.4. File system features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong>Chapter 10. Temporary files</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
index 66cc537..c6f19cb 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. File system limits</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. File system limits</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 7. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="7.2. Accessing the file system as a different user" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="7.4. File system features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. File system limits</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="9.2. Accessing the file system as a different user" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="9.4. File system features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. File system limits</h2></div></div></div><div class="para">
For historical reasons, there are preprocessor constants such as <code class="literal">PATH_MAX</code>, <code class="literal">NAME_MAX</code>. However, on most systems, the length of canonical path names (absolute path names with all symbolic links resolved, as returned by <code class="function">realpath</code> or <code class="function">canonicalize_file_name</code>) can exceed <code class="literal">PATH_MAX</code> bytes, and individual file name components can be longer than <code class="literal">NAME_MAX</code>. This is also true of the <code class="literal">_PC_PATH_MAX</code> and <code class="literal">_PC_NAME_MAX</code> values returned by <code class="function">pathconf</code>, and the <code class="literal">f_namemax</code> member of <code class="literal">struct statvfs</code>. Therefore, these constants should not be used. This is also reason why the <code class="function">readdir_r</code> should never be used (instead, use <code class="function">readdir</code>).
</div><div class="para">
You should not write code in a way that assumes that there is an upper limit on the number of subdirectories of a directory, the number of regular files in a directory, or the link count of an inode.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong>7.2. Accessing the file system as a different user</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong>7.4. File system features</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong>9.2. Accessing the file system as a different user</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong>9.4. File system features</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
index a7fc812..b03e6a4 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Callbacks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. Callbacks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 5. Library Design" /><link rel="prev" href="ch05s02.html" title="5.2. Object orientation" /><link rel="next" href="ch05s04.html" title="5.4. Process attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch05s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch05s04.html"
><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Callbacks</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /><link rel="prev" href="ch07s02.html" title="7.2. Object orientation" /><link rel="next" href="ch07s04.html" title="7.4. Process attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch07s04.html"
><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. Callbacks</h2></div></div></div><div class="para">
Higher-order code is difficult to analyze for humans and computers alike, so it should be avoided. Often, an iterator-based interface (a library function which is called repeatedly by client code and returns a stream of events) leads to a better design which is easier to document and use.
</div><div class="para">
If callbacks are unavoidable, some guidelines for them follow.
@@ -18,4 +18,4 @@
Callbacks can throw exceptions or call <code class="function">longjmp</code>. If possible, all library objects should remain in a valid state. (All further operations on them can fail, but it should be possible to deallocate them without causing resource leaks.)
</div><div class="para">
The presence of callbacks raises the question if functions provided by the library are <span class="emphasis"><em>reentrant</em></span>. Unless a library was designed for such use, bad things will happen if a callback function uses functions in the same library (particularly if they are invoked on the same objects and manipulate the same state). When the callback is invoked, the library can be in an inconsistent state. Reentrant functions are more difficult to write than thread-safe functions (by definition, simple locking would immediately lead to deadlocks). It is also difficult to decide what to do when destruction of an object which is currently processing a callback is requested.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch05s02.html"><strong>Prev</strong>5.2. Object orientation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch05s04.html"><strong>Next</strong>5.4. Process attributes</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s02.html"><strong>Prev</strong>7.2. Object orientation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch07s04.html"><strong>Next</strong>7.4. Process attributes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html
new file mode 100644
index 0000000..51e4a59
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Generating X.509 self-signed certificates before service start</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /><link rel="next" href="pt03.html" title="Part III. Implementing Security Features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
+ An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The caveats about the way the key is generated in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
+ </div></div></div><div class="para">
+ Generating key material before service start may happen very early during boot, when the kernel randomness pool has not yet been initialized. Currently, the only way to check for the initialization is to look for the kernel message <code class="literal">random: nonblocking pool is initialized</code>. In theory, it is also possible to read from <code class="filename">/dev/random</code> while generating the key material (instead of <code class="filename">/dev/urandom</code>), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Prev</strong>Chapter 14. RPM packaging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong>Part III. Implementing Security Features</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
index fb4c673..c42f095 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.4. Daemons</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.4. Daemons</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 9. Processes" /><link rel="prev" href="ch09s03.html" title="9.3. SUID/SGID processes" /><link rel="next" href="ch09s05.html" title="9.5. Semantics of command line arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch09s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch09s
05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. Daemons</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s03.html" title="11.3. SUID/SGID processes" /><link rel="next" href="ch11s05.html" title="11.5. Semantics of command line arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch
11s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Daemons</h2></div></div></div><div class="para">
Background processes providing system services (<span class="emphasis"><em>daemons</em></span>) need to decouple themselves from the controlling terminal and the parent process environment:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Fork.
@@ -22,4 +22,4 @@
Other aspects of the process environment may have to changed as well (environment variables, signal handler disposition).
</div><div class="para">
It is increasingly common that server processes do not run as background processes, but as regular foreground process under a supervising master process (such as <span class="application"><strong>systemd</strong></span>). Server processes should offer a command line option which disables forking and replacement of the standard output and standard error streams. Such an option is also useful for debugging.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch09s03.html"><strong>Prev</strong>9.3. SUID/SGID processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch09s05.html"><strong>Next</strong>9.5. Semantics of command line arguments</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong>11.3. SUID/SGID processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s05.html"><strong>Next</strong>11.5. Semantics of command line arguments</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
index 95299d3..9335d1b 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.6. fork as a primitive for parallelism</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.6. fork as a primitive for parallelism</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 9. Processes" /><link rel="prev" href="ch09s05.html" title="9.5. Semantics of command line arguments" /><link rel="next" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch09s05.html"><strong>Prev</stron
g></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s05.html" title="11.5. Semantics of command line arguments" /><link rel="next" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
A call to <code class="function">fork</code> which is not immediately followed by a call to <code class="function">execve</code> (perhaps after rearranging and closing file descriptors) is typically unsafe, especially from a library which does not control the state of the entire process. Such use of <code class="function">fork</code> should be replaced with proper child processes or threads.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch09s05.html"><strong>Prev</strong>9.5. Semantics of command line arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong>Chapter 10. Serialization and Deserialization</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</strong>11.5. Semantics of command line arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong>Chapter 12. Serialization and Deserialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
index 290de02..ab35d80 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. Processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch08s05.html" title="8.5. Compensating for unsafe file creation" /><link rel="next" href="ch09s02.html" title="9.2. Handling child process termination" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch09s0
2.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">9.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217610205904">9.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">9.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">9.1.3. Specifying the process environment</a></span></dt><dt><span class="section"
><a href="sect-Defensive_Coding-Tasks-Processes.html#idm217621505504">9.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">9.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch09s02.html">9.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch09s03.html">9.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch09s03.html#sect-Defensive_Coding-Tasks-secure_getenv">9.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">9.4. Daemons</a></span></dt><dt><span class="section"><a href="ch09s05.html">9.5. Semantics of command line arguments</a></span></dt><dt><span class="section">
<a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">9.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.1. Safe process creation</h2></div></div></div><div class="para">
- This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">Section 6.2, “Preventing file descriptor leaks to child processes”</a>.
- </div><div class="section" id="idm217610205904"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217610205904">9.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch10s05.html" title="10.5. Compensating for unsafe file creation" /><link rel="next" href="ch11s02.html" title="11.2. Handling child process termination" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch11
s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="s
ection"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span cl
ass="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Safe process creation</h2></div></div></div><div class="para">
+ This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">Section 8.2, “Preventing file descriptor leaks to child processes”</a>.
+ </div><div class="section" id="idm225447262352"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225447262352">11.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
The name and path to the program being invoked should be hard-coded or controlled by a static configuration file stored at a fixed location (at an file system absolute path). The same applies to the template for generating the command line.
</div><div class="para">
- The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in s secure manner (see <a class="xref" href="ch09s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 9.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
+ The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
</div><div class="para">
If too much flexibility is provided here, it may allow invocation of arbitrary programs without proper authorization.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.2. Bypassing the shell</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.2. Bypassing the shell</h3></div></div></div><div class="para">
Child processes should be created without involving the system shell.
</div><div class="para">
For C/C++, <code class="function">system</code> should not be used. The <code class="function">posix_spawn</code> function can be used instead, or a combination <code class="function">fork</code> and <code class="function">execve</code>. (In some cases, it may be preferable to use <code class="function">vfork</code> or the Linux-specific <code class="function">clone</code> system call instead of <code class="function">fork</code>.)
@@ -26,7 +26,7 @@
On Windows, there is no argument vector, only a single argument string. Each application is responsible for parsing this string into an argument vector. There is considerable variance among the quoting style recognized by applications. Some of them expand shell wildcards, others do not. Extensive application-specific testing is required to make this secure.
</div></div></div><div class="para">
Note that some common applications (notably <span class="application"><strong>ssh</strong></span>) unconditionally introduce the use of a shell, even if invoked directly without a shell. It is difficult to use these applications in a secure manner. In this case, untrusted data should be supplied by other means. For example, standard input could be used, instead of the command line.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.3. Specifying the process environment</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.3. Specifying the process environment</h3></div></div></div><div class="para">
Child processes should be created with a minimal set of environment variables. This is absolutely essential if there is a trust transition involved, either when the parent process was created, or during the creation of the child process.
</div><div class="para">
In C/C++, the environment should be constructed as an array of strings and passed as the <code class="varname">envp</code> argument to <code class="function">posix_spawn</code> or <code class="function">execve</code>. The functions <code class="function">setenv</code>, <code class="function">unsetenv</code> and <code class="function">putenv</code> should not be used. They are not thread-safe and suffer from memory leaks.
@@ -43,21 +43,21 @@
</div></li><li class="listitem"><div class="para">
The location-related environment variables <code class="envar">LANG</code>, <code class="envar">LANGUAGE</code>, <code class="envar">LC_ADDRESS</code>, <code class="envar">LC_ALL</code>, <code class="envar">LC_COLLATE</code>, <code class="envar">LC_CTYPE</code>, <code class="envar">LC_IDENTIFICATION</code>, <code class="envar">LC_MEASUREMENT</code>, <code class="envar">LC_MESSAGES</code>, <code class="envar">LC_MONETARY</code>, <code class="envar">LC_NAME</code>, <code class="envar">LC_NUMERIC</code>, <code class="envar">LC_PAPER</code>, <code class="envar">LC_TELEPHONE</code> and <code class="envar">LC_TIME</code> can be passed to the subprocess if present.
</div></li><li class="listitem"><div class="para">
- The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 9.1.5, “Passing secrets to subprocesses”</a>.)
+ The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 11.1.5, “Passing secrets to subprocesses”</a>.)
</div></li><li class="listitem"><div class="para">
All other environment variables should be dropped. Names for new environment variables should not be accepted from untrusted sources.
- </div></li></ul></div></div><div class="section" id="idm217621505504"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm217621505504">9.1.4. Robust argument list processing</h3></div></div></div><div class="para">
- When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be check against embedded <code class="literal">NUL</code> characters because the system APIs will sliently truncate argument strings at the first <code class="literal">NUL</code> character.
+ </div></li></ul></div></div><div class="section" id="idm225452426368"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452426368">11.1.4. Robust argument list processing</h3></div></div></div><div class="para">
+ When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be checked against embedded <code class="literal">NUL</code> characters because the system APIs will silently truncate argument strings at the first <code class="literal">NUL</code> character.
</div><div class="para">
The following recommendations assume that the program being invoked uses GNU-style option processing using <code class="function">getopt_long</code>. This convention is widely used, but it is just that, and individual programs might interpret a command line in a different way.
</div><div class="para">
If the untrusted data has to go into an option, use the <code class="literal">--option-name=VALUE</code> syntax, placing the option and its value into the same command line argument. This avoids any potential confusion if the data starts with <code class="literal">-</code>.
</div><div class="para">
For positional arguments, terminate the option list with a single <code class="option">--</code> marker after the last option, and include the data at the right position. The <code class="option">--</code> marker terminates option processing, and the data will not be treated as an option even if it starts with a dash.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">9.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
- The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 9.1.3, “Specifying the process environment”</a>.)
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
+ The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>.)
</div><div class="important"><div class="admonition_header"><h2>Portability notice</h2></div><div class="admonition"><div class="para">
On some UNIX-like systems (notably Solaris), environment variables can be read by any system user, just like command lines.
</div></div></div><div class="para">
If the environment-based approach cannot be used due to portability concerns, the data can be passed on standard input. Some programs (notably <span class="application"><strong>gpg</strong></span>) use special file descriptors whose numbers are specified on the command line. Temporary files are an option as well, but they might give digital forensics access to sensitive data (such as passphrases) because it is difficult to safely delete them in all cases.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s05.html"><strong>Prev</strong>8.5. Compensating for unsafe file creation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch09s02.html"><strong>Next</strong>9.2. Handling child process termination</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong>10.5. Compensating for unsafe file creation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong>11.2. Handling child process termination</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html
new file mode 100644
index 0000000..b0e7d92
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. Fragmentation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="ch12s02.html" title="12.2. Protocol design" /><link rel="next" href="ch12s04.html" title="12.4. Library support for deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch12s04.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. Fragmentation</h2></div></div></div><div class="para">
+ Some serialization formats use frames or protocol data units (PDUs) on lower levels which are smaller than the PDUs on higher levels. With such an architecture, higher-level PDUs may have to be <span class="emphasis"><em>fragmented</em></span> into smaller frames during serialization, and frames may need <span class="emphasis"><em>reassembly</em></span> into large PDUs during deserialization.
+ </div><div class="para">
+ Serialization formats may use conceptually similar structures for completely different purposes, for example storing multiple layers and color channels in a single image file.
+ </div><div class="para">
+ When fragmenting PDUs, establish a reasonable lower bound for the size of individual fragments (as large as possible—limits as low as one or even zero can add substantial overhead). Avoid fragmentation if at all possible, and try to obtain the maximum acceptable fragment length from a trusted data source.
+ </div><div class="para">
+ When implementing reassembly, consider the following aspects.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Avoid allocating significant amount of resources without proper authentication. Allocate memory for the unfragmented PDU as more and more and fragments are encountered, and not based on the initially advertised unfragmented PDU size, unless there is a sufficiently low limit on the unfragmented PDU size, so that over-allocation cannot lead to performance problems.
+ </div></li><li class="listitem"><div class="para">
+ Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 12.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
+ </div></li><li class="listitem"><div class="para">
+ Carefully keep track of which bytes in the unfragmented PDU have been covered by fragments so far. If message reordering is a concern, the most straightforward data structure for this is an array of bits, with one bit for every byte (or other atomic unit) in the unfragmented PDU. Complete reassembly can be determined by increasing a counter of set bits in the bit array as the bit array is updated, taking overlapping fragments into consideration.
+ </div></li><li class="listitem"><div class="para">
+ Reject overlapping fragments (that is, multiple fragments which provide data at the same offset of the PDU being fragmented), unless the protocol explicitly requires accepting overlapping fragments. The bit array used for tracking already arrived bytes can be used for this purpose.
+ </div></li><li class="listitem"><div class="para">
+ Check for conflicting values of unfragmented PDU lengths (if this length information is part of every fragment) and reject fragments which are inconsistent.
+ </div></li><li class="listitem"><div class="para">
+ Validate fragment lengths and offsets of individual fragments against the unfragmented PDU length (if they are present). Check that the last byte in the fragment does not lie after the end of the unfragmented PDU. Avoid integer overflows in these computations (see <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Fragment IDs</h3></div></div></div><div class="para">
+ If the underlying transport is datagram-oriented (so that PDUs can be reordered, duplicated or be lost, like with UDP), fragment reassembly needs to take into account endpoint addresses of the communication channel, and there has to be some sort of fragment ID which identifies the individual fragments as part of a larger PDU. In addition, the fragmentation protocol will typically involve fragment offsets and fragment lengths, as mentioned above.
+ </div><div class="para">
+ If the transport may be subject to blind PDU injection (again, like UDP), the fragment ID must be generated randomly. If the fragment ID is 64 bit or larger (strongly recommended), it can be generated in a completely random fashion for most traffic volumes. If it is less than 64 bits large (so that accidental collisions can happen if a lot of PDUs are transmitted), the fragment ID should be incremented sequentially from a starting value. The starting value should be derived using a HMAC-like construction from the endpoint addresses, using a long-lived random key. This construction ensures that despite the limited range of the ID, accidental collisions are as unlikely as possible. (This will not work reliable with really short fragment IDs, such as the 16 bit IDs used by the Internet Protocol.)
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong>12.2. Protocol design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s04.html"><strong>Next</strong>12.4. Library support for deserialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
index 5571148..44b9650 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.6. Using Qt for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.6. Using Qt for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="10.4.5. Using Expat for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="10.4.7. Using OpenJDK for XML parsing and validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="12.5.5. Using Expat for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. Internal entities are processed, though. To change that, a custom <code class="literal">QXmlDeclHandler</code> and <code class="literal">QXmlSimpleReader</code> subclasses are needed. It is not possible to use the <code class="function">QDomDocument::setContent(const QByteArray &)</code> convenience methods.
</div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 10.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 10.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 12.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 12.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityHandler : public QXmlDeclHandler {
public:
bool attributeDecl(<span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&,
@@ -48,8 +48,8 @@ NoEntityHandler::errorString() <span class="perl_DataType">const</span>
<span class="perl_Keyword">return</span> <span class="perl_String">"XML declaration not permitted"</span>;
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 10.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 10.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 12.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 12.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityReader : public QXmlSimpleReader {
NoEntityHandler handler;
public:
@@ -70,8 +70,8 @@ NoEntityReader::setDeclHandler(QXmlDeclHandler *)
<span class="perl_Comment">// Ignore the handler which was passed in.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>}
</pre></div></div><br class="example-break" /><div class="para">
- Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 10.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 10.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 12.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 12.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
NoEntityReader reader;
QBuffer buffer(&data);
buffer.open(QIODevice::ReadOnly);
@@ -82,4 +82,4 @@ QString errorMsg;
<span class="perl_DataType">int</span> errorColumn;
bool okay = doc.setContent
(&source, &reader, &errorMsg, &errorLine, &errorColumn);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong>10.4.5. Using Expat for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong>10.4.7. Using OpenJDK for XML parsing and validat...</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong>12.5.5. Using Expat for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong>12.5.7. Using OpenJDK for XML parsing and validat...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
index 5f68b31..f1f19f0 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.2. Entity expansion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.2. Entity expansion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="10.4.3. XInclude processing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.2. Entity expansion</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="12.5.3. XInclude processing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.2. Entity expansion</h3></div></div></div><div class="para">
When external DTD processing is disabled, an internal DTD subset can still contain entity definitions. Entity declarations can reference other entities. Some XML libraries expand entities automatically, and this processing cannot be switched off in some places (such as attribute values or content models). Without limits on the entity nesting level, this expansion results in data which can grow exponentially in length with size of the input. (If there is a limit on the nesting level, the growth is still polynomial, unless further limits are imposed.)
</div><div class="para">
Consequently, the processing internal DTD subsets should be disabled if possible, and only trusted DTDs should be processed. If a particular XML application does not permit such restrictions, then application-specific limits are called for.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong>10.4. XML serialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong>10.4.3. XInclude processing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong>12.5. XML serialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong>12.5.3. XInclude processing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
index cc080c7..3052a18 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.5. Using Expat for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.5. Using Expat for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="10.4.4. Algorithmic complexity of XML validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="10.4.6. Using Qt for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
- By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 10.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 10.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="12.5.4. Algorithmic complexity of XML validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="12.5.6. Using Qt for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
+ By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 12.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 12.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Stop the parser when an entity declaration is encountered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">static</span> <span class="perl_DataType">void</span>
EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
@@ -20,8 +20,8 @@ EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
XML_StopParser((XML_Parser)userData, XML_FALSE);
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 10.2, “Creating an Expat XML parser”</a>).
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 10.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 12.2, “Creating an Expat XML parser”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 12.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Keyword">if</span> (parser == NULL) {
fprintf(stderr, <span class="perl_String">"XML_ParserCreate failed</span><span class="perl_Char">\n</span><span class="perl_String">"</span>);
@@ -35,4 +35,4 @@ XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Comment"></span>XML_SetEntityDeclHandler(parser, EntityDeclHandler);
</pre></div></div><br class="example-break" /><div class="para">
It is also possible to reject internal DTD subsets altogeher, using a suitable <code class="literal">XML_StartDoctypeDeclHandler</code> handler installed with <code class="function">XML_SetDoctypeDeclHandler</code>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong>10.4.4. Algorithmic complexity of XML validation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong>10.4.6. Using Qt for XML parsing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong>12.5.4. Algorithmic complexity of XML validation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong>12.5.6. Using Qt for XML parsing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
index 0ec5695..e8cf115 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.7.3. Other XML parsers in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7.3. Other XML parsers in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="10.4.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="10.4.7.2. XML Schema validation in OpenJDK" /><link rel="next" href="ch10s05.html" title="10.5. Protocol Encoders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch10s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="12.5.7.2. XML Schema validation in OpenJDK" /><link rel="next" href="ch12s06.html" title="12.6. Protocol Encoders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch12s06.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure.
</div><div class="para">
- The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="ch10s03.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 10.3, “Library support for deserialization”</a>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong>10.4.7.2. XML Schema validation in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s05.html"><strong>Next</strong>10.5. Protocol Encoders</a></li></ul></body></html>
\ No newline at end of file
+ The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="ch12s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong>12.5.7.2. XML Schema validation in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s06.html"><strong>Next</strong>12.6. Protocol Encoders</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
index 85d725f..7c857a8 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.7.2. XML Schema validation in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7.2. XML Schema validation in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="10.4.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="10.4.7. Using OpenJDK for XML parsing and validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="10.4.7.3. Other XML parsers in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 10.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 10.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="12.5.7.3. Other XML parsers in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 12.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 12.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -30,10 +30,10 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> SAXSource(<span class="perl_Keyword">new</span> InputSource(inputStream)));
</pre></div></div><br class="example-break" /><div class="para">
- The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 10.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
+ The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 12.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
</div><div class="para">
- If you need to validate a document against an XML schema, use the code in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 10.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 10.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 10.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you need to validate a document against an XML schema, use the code in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 12.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 12.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -51,4 +51,4 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
<span class="perl_Comment">// This prevents external resource resolution.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>validator.<span class="perl_Function">setResourceResolver</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">NoResourceResolver</span>());
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> DOMSource(document));
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong>10.4.7. Using OpenJDK for XML parsing and validat...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong>10.4.7.3. Other XML parsers in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong>12.5.7. Using OpenJDK for XML parsing and validat...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong>12.5.7.3. Other XML parsers in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
index e6ac9b1..46fa964 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.7. Using OpenJDK for XML parsing and validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7. Using OpenJDK for XML parsing and validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="10.4.6. Using Qt for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="10.4.7.2. XML Schema validation in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="12.5.6. Using Qt for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="12.5.7.2. XML Schema validation in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based document parsing. Documents can be validated against DTDs or XML schemas.
</div><div class="para">
- The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">Section 10.4.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
+ The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">Section 12.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
</div><div class="para">
In the following sections, we use helper classes to prevent external ID resolution.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 10.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 12.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoEntityResolver <span class="perl_Keyword">implements</span> EntityResolver {
@Override
<span class="perl_Keyword">public</span> InputSource <span class="perl_Function">resolveEntity</span>(String publicId, String systemId)
@@ -22,7 +22,7 @@
<span class="perl_Function"></span> <span class="perl_String">"attempt to resolve </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String"> </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String">"</span>, publicId, systemId));
}
}
-</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 10.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 12.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoResourceResolver <span class="perl_Keyword">implements</span> LSResourceResolver {
@Override
<span class="perl_Keyword">public</span> LSInput <span class="perl_Function">resolveResource</span>(String type, String namespaceURI,
@@ -35,8 +35,8 @@
}
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 10.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 10.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 12.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 12.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> javax.xml.XMLConstants;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilder;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilderFactory;
@@ -58,9 +58,9 @@
<span class="perl_Keyword">import</span> org.xml.sax.SAXException;
<span class="perl_Keyword">import</span> org.xml.sax.SAXParseException;
<span class="perl_Keyword">import org.xml.sax.XMLReader;</span>
-</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">10.4.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
- This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 10.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 10.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
+ This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 12.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
DocumentBuilderFactory factory = DocumentBuilderFactory.<span class="perl_Function">newInstance</span>();
<span class="perl_Comment">// Impose restrictions on the complexity of the DTD.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>factory.<span class="perl_Function">setFeature</span>(XMLConstants.<span class="perl_Function">FEATURE_SECURE_PROCESSING</span>, <span class="perl_Keyword">true</span>);
@@ -75,7 +75,7 @@ builder.<span class="perl_Function">setEntityResolver</span>(<span class="perl_K
builder.<span class="perl_Function">setErrorHandler</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">Errors</span>());
Document document = builder.<span class="perl_Function">parse</span>(inputStream);
</pre></div></div><br class="example-break" /><div class="para">
- External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 10.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
+ External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 12.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
</div><div class="para">
To validate the document against an external DTD, use a <code class="literal">javax.xml.transform.Transformer</code> class to add the DTD reference to the document, and an entity resolver which whitelists this external reference.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong>10.4.6. Using Qt for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong>10.4.7.2. XML Schema validation in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong>12.5.6. Using Qt for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong>12.5.7.2. XML Schema validation in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
index 16fe857..11f2f3e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.4. Algorithmic complexity of XML validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.4. Algorithmic complexity of XML validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="10.4.3. XInclude processing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="10.4.5. Using Expat for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="12.5.3. XInclude processing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="12.5.5. Using Expat for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
DTD-based XML validation uses regular expressions for content models. The XML specification requires that content models are deterministic, which means that efficient validation is possible. However, some implementations do not enforce determinism, and require exponential (or just polynomial) amount of space or time for validating some DTD/document combinations.
</div><div class="para">
XML schemas and RELAX NG (via the <code class="literal">xsd:</code> prefix) directly support textual regular expressions which are not required to be deterministic.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong>10.4.3. XInclude processing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong>10.4.5. Using Expat for XML parsing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong>12.5.3. XInclude processing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong>12.5.5. Using Expat for XML parsing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
index 2819326..679c16b 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4.3. XInclude processing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.3. XInclude processing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="10.4. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="10.4.2. Entity expansion" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="10.4.4. Algorithmic complexity of XML validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.3. XInclude processing</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="12.5.2. Entity expansion" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="12.5.4. Algorithmic complexity of XML validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.3. XInclude processing</h3></div></div></div><div class="para">
XInclude processing can reference file and network resources and include them into the document, much like external entity references. When parsing untrusted XML documents, XInclude processing should be truned off.
</div><div class="para">
XInclude processing is also fairly complex and may pull in support for the XPointer and XPath specifications, considerably increasing the amount of code required for XML processing.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong>10.4.2. Entity expansion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong>10.4.4. Algorithmic complexity of XML validation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong>12.5.2. Entity expansion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong>12.5.4. Algorithmic complexity of XML validation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
index 54dc1f5..8a33af7 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. XML serialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5. XML serialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 10. Serialization and Deserialization" /><link rel="prev" href="ch10s03.html" title="10.3. Library support for deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="10.4.2. Entity expansion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. XML serialization</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="ch12s04.html" title="12.4. Library support for deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="12.5.2. Entity expansion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s04.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.5. XML serialization</h2></div></div></div><div class="para">
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">10.4.1. External references</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.1. External references</h3></div></div></div><div class="para">
XML documents can contain external references. They can occur in various places.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
In the DTD declaration in the header of an XML document:
@@ -34,4 +34,4 @@
Originally, these external references were intended as unique identifiers, but by many XML implementations, they are used for locating the data for the referenced element. This causes unwanted network traffic, and may disclose file system contents or otherwise unreachable network resources, so this functionality should be disabled.
</div><div class="para">
Depending on the XML library, external referenced might be processed not just when parsing XML, but also when generating it.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html"><strong>Prev</strong>10.3. Library support for deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong>10.4.2. Entity expansion</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s04.html"><strong>Prev</strong>12.4. Library support for deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong>12.5.2. Entity expansion</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf b/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf
index 5333290..4badc6e 100644
Binary files a/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf and b/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf differ
diff --git a/public_html/en-US/Site_Statistics.html b/public_html/en-US/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/en-US/Site_Statistics.html
+++ b/public_html/en-US/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/en-US/opds-Community_Services_Infrastructure.xml b/public_html/en-US/opds-Community_Services_Infrastructure.xml
index 19fa3cf..1cb0d30 100644
--- a/public_html/en-US/opds-Community_Services_Infrastructure.xml
+++ b/public_html/en-US/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora.xml b/public_html/en-US/opds-Fedora.xml
index 772aa5a..140757e 100644
--- a/public_html/en-US/opds-Fedora.xml
+++ b/public_html/en-US/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
index 67f41ea..b9ca332 100644
--- a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Core.xml b/public_html/en-US/opds-Fedora_Core.xml
index 84f6406..be93f04 100644
--- a/public_html/en-US/opds-Fedora_Core.xml
+++ b/public_html/en-US/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Documentation.xml b/public_html/en-US/opds-Fedora_Documentation.xml
index 3ed9585..4338c3a 100644
--- a/public_html/en-US/opds-Fedora_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Draft_Documentation.xml b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
index 15c9f3c..3ffa96d 100644
--- a/public_html/en-US/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Security_Team.xml b/public_html/en-US/opds-Fedora_Security_Team.xml
index 6a98fd5..77165e6 100644
--- a/public_html/en-US/opds-Fedora_Security_Team.xml
+++ b/public_html/en-US/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>en-US</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>en-US</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/en-US/opds.xml b/public_html/en-US/opds.xml
index 1461fbd..96972c5 100644
--- a/public_html/en-US/opds.xml
+++ b/public_html/en-US/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/en-US/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/en-US/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/en-US/toc.html b/public_html/en-US/toc.html
index 7d0837d..dfce351 100644
--- a/public_html/en-US/toc.html
+++ b/public_html/en-US/toc.html
@@ -1675,9 +1675,16 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed">
+ <a class="type" href="Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='./Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types" onclick="work=0;">
+ <a class="type" href="./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed">
<a class="type" href="Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='./Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types" onclick="work=0;">
diff --git a/public_html/es-ES/Site_Statistics.html b/public_html/es-ES/Site_Statistics.html
index 6a8d03e..3ad3661 100644
--- a/public_html/es-ES/Site_Statistics.html
+++ b/public_html/es-ES/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Idiomas totales: </b>45<br />
- <b>Paquetes totales: </b>906
+ <b>Paquetes totales: </b>907
</div>
</body>
</html>
diff --git a/public_html/es-ES/opds-Community_Services_Infrastructure.xml b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
index a9d8148..d56857e 100644
--- a/public_html/es-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora.xml b/public_html/es-ES/opds-Fedora.xml
index cdee3a5..867e0d0 100644
--- a/public_html/es-ES/opds-Fedora.xml
+++ b/public_html/es-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
index 3388e94..e1ee9fd 100644
--- a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Documentación de Contribuyente</title>
<subtitle>Fedora Documentación de Contribuyente</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Core.xml b/public_html/es-ES/opds-Fedora_Core.xml
index ce13ba3..bb9745f 100644
--- a/public_html/es-ES/opds-Fedora_Core.xml
+++ b/public_html/es-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Documentation.xml b/public_html/es-ES/opds-Fedora_Documentation.xml
index a4cd029..eb7041b 100644
--- a/public_html/es-ES/opds-Fedora_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
index 3a48afe..3af3478 100644
--- a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Security_Team.xml b/public_html/es-ES/opds-Fedora_Security_Team.xml
index 12f7809..f822c39 100644
--- a/public_html/es-ES/opds-Fedora_Security_Team.xml
+++ b/public_html/es-ES/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>es-ES</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>es-ES</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/es-ES/opds.xml b/public_html/es-ES/opds.xml
index f41de23..a8bff73 100644
--- a/public_html/es-ES/opds.xml
+++ b/public_html/es-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/es-ES/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/es-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Documentación de Contribuyente</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/es-ES/toc.html b/public_html/es-ES/toc.html
index 933813b..7ded597 100644
--- a/public_html/es-ES/toc.html
+++ b/public_html/es-ES/toc.html
@@ -1964,12 +1964,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Aún sin traducir</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/fa-IR/Site_Statistics.html b/public_html/fa-IR/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/fa-IR/Site_Statistics.html
+++ b/public_html/fa-IR/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
index c321e93..68fad96 100644
--- a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora.xml b/public_html/fa-IR/opds-Fedora.xml
index f93d010..880683d 100644
--- a/public_html/fa-IR/opds-Fedora.xml
+++ b/public_html/fa-IR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
index 7b7637b..5904acd 100644
--- a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Contributor_Documentation.xml</id>
<title>مستندات مشارکت کننده فدورا</title>
<subtitle>مستندات مشارکت کننده فدورا</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Core.xml b/public_html/fa-IR/opds-Fedora_Core.xml
index 73dff7b..b5339cf 100644
--- a/public_html/fa-IR/opds-Fedora_Core.xml
+++ b/public_html/fa-IR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Documentation.xml b/public_html/fa-IR/opds-Fedora_Documentation.xml
index 35e8f18..70d2a4b 100644
--- a/public_html/fa-IR/opds-Fedora_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
index 2c995ac..6debc2f 100644
--- a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Security_Team.xml b/public_html/fa-IR/opds-Fedora_Security_Team.xml
index 43f1ee3..fcc3e62 100644
--- a/public_html/fa-IR/opds-Fedora_Security_Team.xml
+++ b/public_html/fa-IR/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>fa-IR</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>fa-IR</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/fa-IR/opds.xml b/public_html/fa-IR/opds.xml
index df258a9..9f73c03 100644
--- a/public_html/fa-IR/opds.xml
+++ b/public_html/fa-IR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fa-IR/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fa-IR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>مستندات مشارکت کننده فدورا</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fa-IR/toc.html b/public_html/fa-IR/toc.html
index 78d30de..3e66bd4 100644
--- a/public_html/fa-IR/toc.html
+++ b/public_html/fa-IR/toc.html
@@ -1798,12 +1798,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/fi-FI/Site_Statistics.html b/public_html/fi-FI/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/fi-FI/Site_Statistics.html
+++ b/public_html/fi-FI/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
index 286216b..9c89cbf 100644
--- a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora.xml b/public_html/fi-FI/opds-Fedora.xml
index 7af5bcd..2c30982 100644
--- a/public_html/fi-FI/opds-Fedora.xml
+++ b/public_html/fi-FI/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
index 45faa2c..8587dba 100644
--- a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Core.xml b/public_html/fi-FI/opds-Fedora_Core.xml
index bd7385f..f523f16 100644
--- a/public_html/fi-FI/opds-Fedora_Core.xml
+++ b/public_html/fi-FI/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Documentation.xml b/public_html/fi-FI/opds-Fedora_Documentation.xml
index b2f59b3..e4ac5a9 100644
--- a/public_html/fi-FI/opds-Fedora_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
index abf1ecf..f9d42be 100644
--- a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Security_Team.xml b/public_html/fi-FI/opds-Fedora_Security_Team.xml
index d6cf2f5..8040eb4 100644
--- a/public_html/fi-FI/opds-Fedora_Security_Team.xml
+++ b/public_html/fi-FI/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>fi-FI</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>fi-FI</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/fi-FI/opds.xml b/public_html/fi-FI/opds.xml
index 67ad40e..7257374 100644
--- a/public_html/fi-FI/opds.xml
+++ b/public_html/fi-FI/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fi-FI/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fi-FI/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fi-FI/toc.html b/public_html/fi-FI/toc.html
index 86ae08e..df68c38 100644
--- a/public_html/fi-FI/toc.html
+++ b/public_html/fi-FI/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/fr-FR/Site_Statistics.html b/public_html/fr-FR/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/fr-FR/Site_Statistics.html
+++ b/public_html/fr-FR/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
index af9efcf..3a41c68 100644
--- a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora.xml b/public_html/fr-FR/opds-Fedora.xml
index 8d3ca3e..dae3ea9 100644
--- a/public_html/fr-FR/opds-Fedora.xml
+++ b/public_html/fr-FR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
index 91c3b69..d9587a4 100644
--- a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Core.xml b/public_html/fr-FR/opds-Fedora_Core.xml
index cd0aa7a..a3a3a04 100644
--- a/public_html/fr-FR/opds-Fedora_Core.xml
+++ b/public_html/fr-FR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Documentation.xml b/public_html/fr-FR/opds-Fedora_Documentation.xml
index 713ac79..b206c0e 100644
--- a/public_html/fr-FR/opds-Fedora_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
index 128c665..0dd519b 100644
--- a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Security_Team.xml b/public_html/fr-FR/opds-Fedora_Security_Team.xml
index 42a78a3..cfa0892 100644
--- a/public_html/fr-FR/opds-Fedora_Security_Team.xml
+++ b/public_html/fr-FR/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>fr-FR</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>fr-FR</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/fr-FR/opds.xml b/public_html/fr-FR/opds.xml
index ccf8bfa..46f5cfa 100644
--- a/public_html/fr-FR/opds.xml
+++ b/public_html/fr-FR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fr-FR/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fr-FR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fr-FR/toc.html b/public_html/fr-FR/toc.html
index 932a299..0e73de7 100644
--- a/public_html/fr-FR/toc.html
+++ b/public_html/fr-FR/toc.html
@@ -1791,12 +1791,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/gu-IN/Site_Statistics.html b/public_html/gu-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/gu-IN/Site_Statistics.html
+++ b/public_html/gu-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
index 552b438..7e5375f 100644
--- a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora.xml b/public_html/gu-IN/opds-Fedora.xml
index 2b2fb51..444af5b 100644
--- a/public_html/gu-IN/opds-Fedora.xml
+++ b/public_html/gu-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
index ee835e7..7040177 100644
--- a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Core.xml b/public_html/gu-IN/opds-Fedora_Core.xml
index 54bf10f..a05014a 100644
--- a/public_html/gu-IN/opds-Fedora_Core.xml
+++ b/public_html/gu-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Documentation.xml b/public_html/gu-IN/opds-Fedora_Documentation.xml
index c4cc7a5..46ddef1 100644
--- a/public_html/gu-IN/opds-Fedora_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
index e7d7711..4534c94 100644
--- a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Security_Team.xml b/public_html/gu-IN/opds-Fedora_Security_Team.xml
index b026287..0dd03ea 100644
--- a/public_html/gu-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/gu-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>gu-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>gu-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/gu-IN/opds.xml b/public_html/gu-IN/opds.xml
index 18e1d3b..283fd99 100644
--- a/public_html/gu-IN/opds.xml
+++ b/public_html/gu-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/gu-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/gu-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/gu-IN/toc.html b/public_html/gu-IN/toc.html
index f7f890b..fb82ccc 100644
--- a/public_html/gu-IN/toc.html
+++ b/public_html/gu-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/he-IL/Site_Statistics.html b/public_html/he-IL/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/he-IL/Site_Statistics.html
+++ b/public_html/he-IL/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/he-IL/opds-Community_Services_Infrastructure.xml b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
index b336f64..e1b7730 100644
--- a/public_html/he-IL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora.xml b/public_html/he-IL/opds-Fedora.xml
index db7f514..c39c4e5 100644
--- a/public_html/he-IL/opds-Fedora.xml
+++ b/public_html/he-IL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
index 4fd2045..c3ded56 100644
--- a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Core.xml b/public_html/he-IL/opds-Fedora_Core.xml
index c75ec67..031c3b4 100644
--- a/public_html/he-IL/opds-Fedora_Core.xml
+++ b/public_html/he-IL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Documentation.xml b/public_html/he-IL/opds-Fedora_Documentation.xml
index 2805f81..9d965b4 100644
--- a/public_html/he-IL/opds-Fedora_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
index d2d5b33..adc2b68 100644
--- a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Security_Team.xml b/public_html/he-IL/opds-Fedora_Security_Team.xml
index 0dbf9d8..56372e8 100644
--- a/public_html/he-IL/opds-Fedora_Security_Team.xml
+++ b/public_html/he-IL/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>he-IL</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>he-IL</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/he-IL/opds.xml b/public_html/he-IL/opds.xml
index b4fcc5d..0dff1c4 100644
--- a/public_html/he-IL/opds.xml
+++ b/public_html/he-IL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/he-IL/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/he-IL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/he-IL/toc.html b/public_html/he-IL/toc.html
index dfdb7df..af1f716 100644
--- a/public_html/he-IL/toc.html
+++ b/public_html/he-IL/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/hi-IN/Site_Statistics.html b/public_html/hi-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/hi-IN/Site_Statistics.html
+++ b/public_html/hi-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
index d0ad8f3..7789b80 100644
--- a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora.xml b/public_html/hi-IN/opds-Fedora.xml
index 01644eb..27d4c50 100644
--- a/public_html/hi-IN/opds-Fedora.xml
+++ b/public_html/hi-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
index 13958ed..64dcf91 100644
--- a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Core.xml b/public_html/hi-IN/opds-Fedora_Core.xml
index 187c865..eccf0b7 100644
--- a/public_html/hi-IN/opds-Fedora_Core.xml
+++ b/public_html/hi-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Documentation.xml b/public_html/hi-IN/opds-Fedora_Documentation.xml
index 3cae6a7..52ff4f4 100644
--- a/public_html/hi-IN/opds-Fedora_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
index 40a3a45..d46d09b 100644
--- a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Security_Team.xml b/public_html/hi-IN/opds-Fedora_Security_Team.xml
index 3b9f5a6..7e0a27a 100644
--- a/public_html/hi-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/hi-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>hi-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>hi-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/hi-IN/opds.xml b/public_html/hi-IN/opds.xml
index d999b75..af81cdb 100644
--- a/public_html/hi-IN/opds.xml
+++ b/public_html/hi-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hi-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hi-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/hi-IN/toc.html b/public_html/hi-IN/toc.html
index da185aa..d09c576 100644
--- a/public_html/hi-IN/toc.html
+++ b/public_html/hi-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/hu-HU/Site_Statistics.html b/public_html/hu-HU/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/hu-HU/Site_Statistics.html
+++ b/public_html/hu-HU/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
index 0326b1d..931cbd9 100644
--- a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora.xml b/public_html/hu-HU/opds-Fedora.xml
index f2d5391..0abdb3d 100644
--- a/public_html/hu-HU/opds-Fedora.xml
+++ b/public_html/hu-HU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
index 99f4ba4..9d6d6ec 100644
--- a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Core.xml b/public_html/hu-HU/opds-Fedora_Core.xml
index 96ae0db..11a87c9 100644
--- a/public_html/hu-HU/opds-Fedora_Core.xml
+++ b/public_html/hu-HU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Documentation.xml b/public_html/hu-HU/opds-Fedora_Documentation.xml
index 4d8d7f6..5baf64a 100644
--- a/public_html/hu-HU/opds-Fedora_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
index 40bb918..a91ba11 100644
--- a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Security_Team.xml b/public_html/hu-HU/opds-Fedora_Security_Team.xml
index dfe08f4..8929424 100644
--- a/public_html/hu-HU/opds-Fedora_Security_Team.xml
+++ b/public_html/hu-HU/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>hu-HU</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>hu-HU</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/hu-HU/opds.xml b/public_html/hu-HU/opds.xml
index ce5f8fa..8294488 100644
--- a/public_html/hu-HU/opds.xml
+++ b/public_html/hu-HU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hu-HU/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hu-HU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/hu-HU/toc.html b/public_html/hu-HU/toc.html
index b2d4d81..60131ee 100644
--- a/public_html/hu-HU/toc.html
+++ b/public_html/hu-HU/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ia/Site_Statistics.html b/public_html/ia/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ia/Site_Statistics.html
+++ b/public_html/ia/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ia/opds-Community_Services_Infrastructure.xml b/public_html/ia/opds-Community_Services_Infrastructure.xml
index 56b8089..4adc67d 100644
--- a/public_html/ia/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ia/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora.xml b/public_html/ia/opds-Fedora.xml
index af9c277..e4f37f6 100644
--- a/public_html/ia/opds-Fedora.xml
+++ b/public_html/ia/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Contributor_Documentation.xml b/public_html/ia/opds-Fedora_Contributor_Documentation.xml
index 5096943..4e89fb6 100644
--- a/public_html/ia/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Core.xml b/public_html/ia/opds-Fedora_Core.xml
index cb7225c..b8a932d 100644
--- a/public_html/ia/opds-Fedora_Core.xml
+++ b/public_html/ia/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Documentation.xml b/public_html/ia/opds-Fedora_Documentation.xml
index 43f14b4..433dd52 100644
--- a/public_html/ia/opds-Fedora_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Draft_Documentation.xml b/public_html/ia/opds-Fedora_Draft_Documentation.xml
index 16d4a1c..8c90869 100644
--- a/public_html/ia/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Security_Team.xml b/public_html/ia/opds-Fedora_Security_Team.xml
index 106b986..9fa3b99 100644
--- a/public_html/ia/opds-Fedora_Security_Team.xml
+++ b/public_html/ia/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ia</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ia</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ia/opds.xml b/public_html/ia/opds.xml
index 176fc16..13ebf41 100644
--- a/public_html/ia/opds.xml
+++ b/public_html/ia/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ia/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ia/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ia/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ia/toc.html b/public_html/ia/toc.html
index f41c3d1..eb2bf8d 100644
--- a/public_html/ia/toc.html
+++ b/public_html/ia/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/id-ID/Site_Statistics.html b/public_html/id-ID/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/id-ID/Site_Statistics.html
+++ b/public_html/id-ID/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/id-ID/opds-Community_Services_Infrastructure.xml b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
index df7f0ea..c8ae650 100644
--- a/public_html/id-ID/opds-Community_Services_Infrastructure.xml
+++ b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora.xml b/public_html/id-ID/opds-Fedora.xml
index 9ca910d..96a501a 100644
--- a/public_html/id-ID/opds-Fedora.xml
+++ b/public_html/id-ID/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
index 8ae1fef..3ccf67f 100644
--- a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Core.xml b/public_html/id-ID/opds-Fedora_Core.xml
index a7f3fe6..7561049 100644
--- a/public_html/id-ID/opds-Fedora_Core.xml
+++ b/public_html/id-ID/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Documentation.xml b/public_html/id-ID/opds-Fedora_Documentation.xml
index 0384ad8..62fe3e7 100644
--- a/public_html/id-ID/opds-Fedora_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
index 0d7a4b7..e1b121d 100644
--- a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Security_Team.xml b/public_html/id-ID/opds-Fedora_Security_Team.xml
index b71ab67..c404719 100644
--- a/public_html/id-ID/opds-Fedora_Security_Team.xml
+++ b/public_html/id-ID/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>id-ID</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>id-ID</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/id-ID/opds.xml b/public_html/id-ID/opds.xml
index b5cbe7b..925d013 100644
--- a/public_html/id-ID/opds.xml
+++ b/public_html/id-ID/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/id-ID/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/id-ID/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/id-ID/toc.html b/public_html/id-ID/toc.html
index 60af4ae..c4c0f07 100644
--- a/public_html/id-ID/toc.html
+++ b/public_html/id-ID/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/it-IT/Site_Statistics.html b/public_html/it-IT/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/it-IT/Site_Statistics.html
+++ b/public_html/it-IT/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/it-IT/opds-Community_Services_Infrastructure.xml b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
index e16d586..ee06282 100644
--- a/public_html/it-IT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora.xml b/public_html/it-IT/opds-Fedora.xml
index c5a2b02..b4a9f42 100644
--- a/public_html/it-IT/opds-Fedora.xml
+++ b/public_html/it-IT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
index 08de994..65858e8 100644
--- a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Documentazione Collaboratori Fedora</title>
<subtitle>Documentazione Collaboratori Fedora</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Core.xml b/public_html/it-IT/opds-Fedora_Core.xml
index 14804da..327fb2d 100644
--- a/public_html/it-IT/opds-Fedora_Core.xml
+++ b/public_html/it-IT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Documentation.xml b/public_html/it-IT/opds-Fedora_Documentation.xml
index 7bc536f..4b4f744 100644
--- a/public_html/it-IT/opds-Fedora_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
index 38da817..3727f87 100644
--- a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Security_Team.xml b/public_html/it-IT/opds-Fedora_Security_Team.xml
index 7aaac13..21f7473 100644
--- a/public_html/it-IT/opds-Fedora_Security_Team.xml
+++ b/public_html/it-IT/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>it-IT</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>it-IT</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/it-IT/opds.xml b/public_html/it-IT/opds.xml
index 96e2990..ef7aa24 100644
--- a/public_html/it-IT/opds.xml
+++ b/public_html/it-IT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/it-IT/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/it-IT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Documentazione Collaboratori Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/it-IT/toc.html b/public_html/it-IT/toc.html
index cc2b5cb..8276e6b 100644
--- a/public_html/it-IT/toc.html
+++ b/public_html/it-IT/toc.html
@@ -1988,12 +1988,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ja-JP/Site_Statistics.html b/public_html/ja-JP/Site_Statistics.html
index 3661855..3c58a5c 100644
--- a/public_html/ja-JP/Site_Statistics.html
+++ b/public_html/ja-JP/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>言語数の合計: </b>45<br />
- <b>パッケージ数の合計: </b>906
+ <b>パッケージ数の合計: </b>907
</div>
</body>
</html>
diff --git a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
index 17cc658..a8ed013 100644
--- a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora.xml b/public_html/ja-JP/opds-Fedora.xml
index 7355768..305af10 100644
--- a/public_html/ja-JP/opds-Fedora.xml
+++ b/public_html/ja-JP/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
index 1712def..fbd6ef1 100644
--- a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora コントリビュータ用ドキュメント</title>
<subtitle>Fedora コントリビュータ用ドキュメント</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Core.xml b/public_html/ja-JP/opds-Fedora_Core.xml
index dbb1cad..a668c45 100644
--- a/public_html/ja-JP/opds-Fedora_Core.xml
+++ b/public_html/ja-JP/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Documentation.xml b/public_html/ja-JP/opds-Fedora_Documentation.xml
index 48adc9e..5e50914 100644
--- a/public_html/ja-JP/opds-Fedora_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
index d19c3a8..84e0aa3 100644
--- a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Security_Team.xml b/public_html/ja-JP/opds-Fedora_Security_Team.xml
index d6f744b..7b27f2b 100644
--- a/public_html/ja-JP/opds-Fedora_Security_Team.xml
+++ b/public_html/ja-JP/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ja-JP</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ja-JP</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ja-JP/opds.xml b/public_html/ja-JP/opds.xml
index 07d3328..56e6d1a 100644
--- a/public_html/ja-JP/opds.xml
+++ b/public_html/ja-JP/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ja-JP/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ja-JP/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora コントリビュータ用ドキュメント</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ja-JP/toc.html b/public_html/ja-JP/toc.html
index 6209b7c..bfd8b99 100644
--- a/public_html/ja-JP/toc.html
+++ b/public_html/ja-JP/toc.html
@@ -1830,12 +1830,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">未翻訳</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/kn-IN/Site_Statistics.html b/public_html/kn-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/kn-IN/Site_Statistics.html
+++ b/public_html/kn-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
index 7f8251d..f0a9b73 100644
--- a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora.xml b/public_html/kn-IN/opds-Fedora.xml
index 280a8e4..41acaed 100644
--- a/public_html/kn-IN/opds-Fedora.xml
+++ b/public_html/kn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
index 9fc939f..a1499ab 100644
--- a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Core.xml b/public_html/kn-IN/opds-Fedora_Core.xml
index 9476791..dc9bf54 100644
--- a/public_html/kn-IN/opds-Fedora_Core.xml
+++ b/public_html/kn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Documentation.xml b/public_html/kn-IN/opds-Fedora_Documentation.xml
index 04e9fb9..c21c707 100644
--- a/public_html/kn-IN/opds-Fedora_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
index 7d08358..483438f 100644
--- a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Security_Team.xml b/public_html/kn-IN/opds-Fedora_Security_Team.xml
index 84a3b5a..5666c29 100644
--- a/public_html/kn-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/kn-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>kn-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>kn-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/kn-IN/opds.xml b/public_html/kn-IN/opds.xml
index 7b8afd9..c9eb072 100644
--- a/public_html/kn-IN/opds.xml
+++ b/public_html/kn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/kn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/kn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/kn-IN/toc.html b/public_html/kn-IN/toc.html
index 94b8a8b..42112bd 100644
--- a/public_html/kn-IN/toc.html
+++ b/public_html/kn-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ko-KR/Site_Statistics.html b/public_html/ko-KR/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ko-KR/Site_Statistics.html
+++ b/public_html/ko-KR/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
index 59c9123..456c6d0 100644
--- a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora.xml b/public_html/ko-KR/opds-Fedora.xml
index 7f5e393..35ea901 100644
--- a/public_html/ko-KR/opds-Fedora.xml
+++ b/public_html/ko-KR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
index c6628b3..831fee2 100644
--- a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Core.xml b/public_html/ko-KR/opds-Fedora_Core.xml
index 708b01c..af2cd93 100644
--- a/public_html/ko-KR/opds-Fedora_Core.xml
+++ b/public_html/ko-KR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Documentation.xml b/public_html/ko-KR/opds-Fedora_Documentation.xml
index 718d16a..8dbe3a0 100644
--- a/public_html/ko-KR/opds-Fedora_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
index 57b0ed5..3d47e44 100644
--- a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Security_Team.xml b/public_html/ko-KR/opds-Fedora_Security_Team.xml
index 19cb2a9..9bc59f9 100644
--- a/public_html/ko-KR/opds-Fedora_Security_Team.xml
+++ b/public_html/ko-KR/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ko-KR</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ko-KR</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ko-KR/opds.xml b/public_html/ko-KR/opds.xml
index c866e35..9722b20 100644
--- a/public_html/ko-KR/opds.xml
+++ b/public_html/ko-KR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ko-KR/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ko-KR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ko-KR/toc.html b/public_html/ko-KR/toc.html
index 2db3474..c596ad8 100644
--- a/public_html/ko-KR/toc.html
+++ b/public_html/ko-KR/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/lt-LT/Site_Statistics.html b/public_html/lt-LT/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/lt-LT/Site_Statistics.html
+++ b/public_html/lt-LT/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/lt-LT/opds-Community_Services_Infrastructure.xml b/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
index f1d093f..742da89 100644
--- a/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora.xml b/public_html/lt-LT/opds-Fedora.xml
index c9c7ddb..8105402 100644
--- a/public_html/lt-LT/opds-Fedora.xml
+++ b/public_html/lt-LT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml b/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
index c461dfb..4f07bc3 100644
--- a/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Core.xml b/public_html/lt-LT/opds-Fedora_Core.xml
index 0dc86ac..4748c00 100644
--- a/public_html/lt-LT/opds-Fedora_Core.xml
+++ b/public_html/lt-LT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Documentation.xml b/public_html/lt-LT/opds-Fedora_Documentation.xml
index bf1489d..ed9b7ef 100644
--- a/public_html/lt-LT/opds-Fedora_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml b/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
index e709345..9313c2e 100644
--- a/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Security_Team.xml b/public_html/lt-LT/opds-Fedora_Security_Team.xml
index 6151062..bc052fd 100644
--- a/public_html/lt-LT/opds-Fedora_Security_Team.xml
+++ b/public_html/lt-LT/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>lt-LT</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>lt-LT</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/lt-LT/opds.xml b/public_html/lt-LT/opds.xml
index f4266a4..19de3ad 100644
--- a/public_html/lt-LT/opds.xml
+++ b/public_html/lt-LT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/lt-LT/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/lt-LT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/lt-LT/toc.html b/public_html/lt-LT/toc.html
index fda56ec..364323e 100644
--- a/public_html/lt-LT/toc.html
+++ b/public_html/lt-LT/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ml-IN/Site_Statistics.html b/public_html/ml-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ml-IN/Site_Statistics.html
+++ b/public_html/ml-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
index 538a310..a6c7d73 100644
--- a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora.xml b/public_html/ml-IN/opds-Fedora.xml
index cacbbe8..3f293f9 100644
--- a/public_html/ml-IN/opds-Fedora.xml
+++ b/public_html/ml-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
index ba2d6a0..27f8b8a 100644
--- a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Core.xml b/public_html/ml-IN/opds-Fedora_Core.xml
index 6442a63..0dd0fc3 100644
--- a/public_html/ml-IN/opds-Fedora_Core.xml
+++ b/public_html/ml-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Documentation.xml b/public_html/ml-IN/opds-Fedora_Documentation.xml
index 6ce982c..58ab729 100644
--- a/public_html/ml-IN/opds-Fedora_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
index 4505073..ed7cb8f 100644
--- a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Security_Team.xml b/public_html/ml-IN/opds-Fedora_Security_Team.xml
index 06840f5..6241e9d 100644
--- a/public_html/ml-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/ml-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ml-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ml-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ml-IN/opds.xml b/public_html/ml-IN/opds.xml
index 52c0441..d987c8d 100644
--- a/public_html/ml-IN/opds.xml
+++ b/public_html/ml-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ml-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ml-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ml-IN/toc.html b/public_html/ml-IN/toc.html
index 7ab9ad5..4e80ff5 100644
--- a/public_html/ml-IN/toc.html
+++ b/public_html/ml-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/mr-IN/Site_Statistics.html b/public_html/mr-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/mr-IN/Site_Statistics.html
+++ b/public_html/mr-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
index dfe620c..a36199a 100644
--- a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora.xml b/public_html/mr-IN/opds-Fedora.xml
index 1f70d3b..4eff153 100644
--- a/public_html/mr-IN/opds-Fedora.xml
+++ b/public_html/mr-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
index ba9070c..2caa70b 100644
--- a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Core.xml b/public_html/mr-IN/opds-Fedora_Core.xml
index 9522bc7..339eb7b 100644
--- a/public_html/mr-IN/opds-Fedora_Core.xml
+++ b/public_html/mr-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Documentation.xml b/public_html/mr-IN/opds-Fedora_Documentation.xml
index 0f3204e..e0e72ed 100644
--- a/public_html/mr-IN/opds-Fedora_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
index 9f35732..bcde3eb 100644
--- a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Security_Team.xml b/public_html/mr-IN/opds-Fedora_Security_Team.xml
index 2932140..03143f1 100644
--- a/public_html/mr-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/mr-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>mr-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>mr-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/mr-IN/opds.xml b/public_html/mr-IN/opds.xml
index 1d10612..7742fd4 100644
--- a/public_html/mr-IN/opds.xml
+++ b/public_html/mr-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/mr-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/mr-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/mr-IN/toc.html b/public_html/mr-IN/toc.html
index 98f88c6..f25707b 100644
--- a/public_html/mr-IN/toc.html
+++ b/public_html/mr-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/nb-NO/Site_Statistics.html b/public_html/nb-NO/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/nb-NO/Site_Statistics.html
+++ b/public_html/nb-NO/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
index 503f250..ed3eec9 100644
--- a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora.xml b/public_html/nb-NO/opds-Fedora.xml
index 44d1fd7..6b302e4 100644
--- a/public_html/nb-NO/opds-Fedora.xml
+++ b/public_html/nb-NO/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
index 1167a30..172d3d6 100644
--- a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Core.xml b/public_html/nb-NO/opds-Fedora_Core.xml
index d96cfdd..9765d19 100644
--- a/public_html/nb-NO/opds-Fedora_Core.xml
+++ b/public_html/nb-NO/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Documentation.xml b/public_html/nb-NO/opds-Fedora_Documentation.xml
index 9180c09..4a9a020 100644
--- a/public_html/nb-NO/opds-Fedora_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
index 46efcd1..1c3f5d7 100644
--- a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Security_Team.xml b/public_html/nb-NO/opds-Fedora_Security_Team.xml
index aabb367..b66ea7d 100644
--- a/public_html/nb-NO/opds-Fedora_Security_Team.xml
+++ b/public_html/nb-NO/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>nb-NO</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>nb-NO</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/nb-NO/opds.xml b/public_html/nb-NO/opds.xml
index 316ffcb..919e668 100644
--- a/public_html/nb-NO/opds.xml
+++ b/public_html/nb-NO/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nb-NO/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nb-NO/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/nb-NO/toc.html b/public_html/nb-NO/toc.html
index 2379121..aa64d59 100644
--- a/public_html/nb-NO/toc.html
+++ b/public_html/nb-NO/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/nl-NL/Site_Statistics.html b/public_html/nl-NL/Site_Statistics.html
index 6e6dc4f..dc3226e 100644
--- a/public_html/nl-NL/Site_Statistics.html
+++ b/public_html/nl-NL/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Totaal talen: </b>45<br />
- <b>Totaal pakketten: </b>906
+ <b>Totaal pakketten: </b>907
</div>
</body>
</html>
diff --git a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
index b17d1dd..cc93db0 100644
--- a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora.xml b/public_html/nl-NL/opds-Fedora.xml
index 3555b59..1c4b74a 100644
--- a/public_html/nl-NL/opds-Fedora.xml
+++ b/public_html/nl-NL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
index 01284e4..b43aa15 100644
--- a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Core.xml b/public_html/nl-NL/opds-Fedora_Core.xml
index 971a749..157746a 100644
--- a/public_html/nl-NL/opds-Fedora_Core.xml
+++ b/public_html/nl-NL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Documentation.xml b/public_html/nl-NL/opds-Fedora_Documentation.xml
index c47d614..cd1db3d 100644
--- a/public_html/nl-NL/opds-Fedora_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
index 0911ec1..03f0583 100644
--- a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Security_Team.xml b/public_html/nl-NL/opds-Fedora_Security_Team.xml
index 6a0fb9f..02a56ec 100644
--- a/public_html/nl-NL/opds-Fedora_Security_Team.xml
+++ b/public_html/nl-NL/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>nl-NL</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>nl-NL</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/nl-NL/opds.xml b/public_html/nl-NL/opds.xml
index 5be1081..a581bac 100644
--- a/public_html/nl-NL/opds.xml
+++ b/public_html/nl-NL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nl-NL/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nl-NL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/nl-NL/toc.html b/public_html/nl-NL/toc.html
index aa47b1c..b835835 100644
--- a/public_html/nl-NL/toc.html
+++ b/public_html/nl-NL/toc.html
@@ -2009,12 +2009,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Onvertaald</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/opds.xml b/public_html/opds.xml
index 9a5d3ac..f69c6ef 100644
--- a/public_html/opds.xml
+++ b/public_html/opds.xml
@@ -7,7 +7,7 @@
<link rel="start" href="http://docs.fedoraproject.org/opds.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<title>Fedora Documentation</title>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
@@ -16,7 +16,7 @@
<entry>
<title>অসমীয়া</title>
<id>as-IN/opds.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="as-IN/opds.xml"/>
@@ -24,7 +24,7 @@
<entry>
<title>български</title>
<id>bg-BG/opds.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bg-BG/opds.xml"/>
@@ -32,7 +32,7 @@
<entry>
<title>বাংলা</title>
<id>bn-IN/opds.xml</id>
- <updated>2014-07-14T17:17:08</updated>
+ <updated>2014-07-21T13:54:24</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bn-IN/opds.xml"/>
@@ -40,7 +40,7 @@
<entry>
<title>Bosanski</title>
<id>bs-BA/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bs-BA/opds.xml"/>
@@ -48,7 +48,7 @@
<entry>
<title>Català</title>
<id>ca-ES/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ca-ES/opds.xml"/>
@@ -56,7 +56,7 @@
<entry>
<title>Čeština</title>
<id>cs-CZ/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="cs-CZ/opds.xml"/>
@@ -64,7 +64,7 @@
<entry>
<title>Dansk</title>
<id>da-DK/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="da-DK/opds.xml"/>
@@ -72,7 +72,7 @@
<entry>
<title>Deutsch</title>
<id>de-DE/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:25</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="de-DE/opds.xml"/>
@@ -80,7 +80,7 @@
<entry>
<title>Ελληνικά</title>
<id>el-GR/opds.xml</id>
- <updated>2014-07-14T17:17:09</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="el-GR/opds.xml"/>
@@ -88,7 +88,7 @@
<entry>
<title>English</title>
<id>en-US/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="en-US/opds.xml"/>
@@ -96,7 +96,7 @@
<entry>
<title>Español</title>
<id>es-ES/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="es-ES/opds.xml"/>
@@ -104,7 +104,7 @@
<entry>
<title>فارسی</title>
<id>fa-IR/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fa-IR/opds.xml"/>
@@ -112,7 +112,7 @@
<entry>
<title>Suomi</title>
<id>fi-FI/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fi-FI/opds.xml"/>
@@ -120,7 +120,7 @@
<entry>
<title>Français</title>
<id>fr-FR/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fr-FR/opds.xml"/>
@@ -128,7 +128,7 @@
<entry>
<title>ગુજરાતી</title>
<id>gu-IN/opds.xml</id>
- <updated>2014-07-14T17:17:10</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="gu-IN/opds.xml"/>
@@ -136,7 +136,7 @@
<entry>
<title>עברית</title>
<id>he-IL/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="he-IL/opds.xml"/>
@@ -144,7 +144,7 @@
<entry>
<title>हिन्दी</title>
<id>hi-IN/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hi-IN/opds.xml"/>
@@ -152,7 +152,7 @@
<entry>
<title>Magyar</title>
<id>hu-HU/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:27</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hu-HU/opds.xml"/>
@@ -160,7 +160,7 @@
<entry>
<title>Interlingua (International Auxiliary Language Association)</title>
<id>ia/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ia/opds.xml"/>
@@ -168,7 +168,7 @@
<entry>
<title>Indonesia</title>
<id>id-ID/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="id-ID/opds.xml"/>
@@ -176,7 +176,7 @@
<entry>
<title>Italiano</title>
<id>it-IT/opds.xml</id>
- <updated>2014-07-14T17:17:11</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="it-IT/opds.xml"/>
@@ -184,7 +184,7 @@
<entry>
<title>日本語</title>
<id>ja-JP/opds.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ja-JP/opds.xml"/>
@@ -192,7 +192,7 @@
<entry>
<title>ಕನ್ನಡ</title>
<id>kn-IN/opds.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:28</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="kn-IN/opds.xml"/>
@@ -200,7 +200,7 @@
<entry>
<title>한국어</title>
<id>ko-KR/opds.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ko-KR/opds.xml"/>
@@ -208,7 +208,7 @@
<entry>
<title>Lithuanian</title>
<id>lt-LT/opds.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="lt-LT/opds.xml"/>
@@ -216,7 +216,7 @@
<entry>
<title>മലയാളം</title>
<id>ml-IN/opds.xml</id>
- <updated>2014-07-14T17:17:12</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ml-IN/opds.xml"/>
@@ -224,7 +224,7 @@
<entry>
<title>मराठी</title>
<id>mr-IN/opds.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="mr-IN/opds.xml"/>
@@ -232,7 +232,7 @@
<entry>
<title>Norsk (bokmål)</title>
<id>nb-NO/opds.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:29</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nb-NO/opds.xml"/>
@@ -240,7 +240,7 @@
<entry>
<title>Nederlands</title>
<id>nl-NL/opds.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nl-NL/opds.xml"/>
@@ -248,7 +248,7 @@
<entry>
<title>ଓଡ଼ିଆ</title>
<id>or-IN/opds.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="or-IN/opds.xml"/>
@@ -256,7 +256,7 @@
<entry>
<title>ਪੰਜਾਬੀ</title>
<id>pa-IN/opds.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pa-IN/opds.xml"/>
@@ -264,7 +264,7 @@
<entry>
<title>Polski</title>
<id>pl-PL/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pl-PL/opds.xml"/>
@@ -272,7 +272,7 @@
<entry>
<title>Português Brasileiro</title>
<id>pt-BR/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-BR/opds.xml"/>
@@ -280,7 +280,7 @@
<entry>
<title>Português</title>
<id>pt-PT/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-PT/opds.xml"/>
@@ -288,7 +288,7 @@
<entry>
<title>Romanian</title>
<id>ro/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ro/opds.xml"/>
@@ -296,7 +296,7 @@
<entry>
<title>Русский</title>
<id>ru-RU/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ru-RU/opds.xml"/>
@@ -304,7 +304,7 @@
<entry>
<title>Slovenščina</title>
<id>sk-SK/opds.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sk-SK/opds.xml"/>
@@ -312,7 +312,7 @@
<entry>
<title>Srpski (latinica)</title>
<id>sr-Latn-RS/opds.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-Latn-RS/opds.xml"/>
@@ -320,7 +320,7 @@
<entry>
<title>Српски</title>
<id>sr-RS/opds.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-RS/opds.xml"/>
@@ -328,7 +328,7 @@
<entry>
<title>Svenska</title>
<id>sv-SE/opds.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sv-SE/opds.xml"/>
@@ -336,7 +336,7 @@
<entry>
<title>தமிழ்</title>
<id>ta-IN/opds.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ta-IN/opds.xml"/>
@@ -344,7 +344,7 @@
<entry>
<title>తెలుగు</title>
<id>te-IN/opds.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="te-IN/opds.xml"/>
@@ -352,7 +352,7 @@
<entry>
<title>Українська</title>
<id>uk-UA/opds.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="uk-UA/opds.xml"/>
@@ -360,7 +360,7 @@
<entry>
<title>简体中文</title>
<id>zh-CN/opds.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-CN/opds.xml"/>
@@ -368,7 +368,7 @@
<entry>
<title>繁體中文</title>
<id>zh-TW/opds.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-TW/opds.xml"/>
diff --git a/public_html/or-IN/Site_Statistics.html b/public_html/or-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/or-IN/Site_Statistics.html
+++ b/public_html/or-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/or-IN/opds-Community_Services_Infrastructure.xml b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
index 78dc509..fedb18f 100644
--- a/public_html/or-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora.xml b/public_html/or-IN/opds-Fedora.xml
index 825f65b..77af0f3 100644
--- a/public_html/or-IN/opds-Fedora.xml
+++ b/public_html/or-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
index 553d438..e97c679 100644
--- a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Core.xml b/public_html/or-IN/opds-Fedora_Core.xml
index 8529139..1f62051 100644
--- a/public_html/or-IN/opds-Fedora_Core.xml
+++ b/public_html/or-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Documentation.xml b/public_html/or-IN/opds-Fedora_Documentation.xml
index b787330..24da6dc 100644
--- a/public_html/or-IN/opds-Fedora_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
index e2ec1f2..73553a9 100644
--- a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Security_Team.xml b/public_html/or-IN/opds-Fedora_Security_Team.xml
index 701c7ec..d3547ee 100644
--- a/public_html/or-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/or-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>or-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>or-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/or-IN/opds.xml b/public_html/or-IN/opds.xml
index 1d793d9..fe9d218 100644
--- a/public_html/or-IN/opds.xml
+++ b/public_html/or-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/or-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/or-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/or-IN/toc.html b/public_html/or-IN/toc.html
index d5d4cb5..ab4bb59 100644
--- a/public_html/or-IN/toc.html
+++ b/public_html/or-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/pa-IN/Site_Statistics.html b/public_html/pa-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/pa-IN/Site_Statistics.html
+++ b/public_html/pa-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
index 833916f..f6ed7b4 100644
--- a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora.xml b/public_html/pa-IN/opds-Fedora.xml
index fa02ea5..77d7c03 100644
--- a/public_html/pa-IN/opds-Fedora.xml
+++ b/public_html/pa-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
index f793edf..ad6959a 100644
--- a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Core.xml b/public_html/pa-IN/opds-Fedora_Core.xml
index f0e869c..1e5d077 100644
--- a/public_html/pa-IN/opds-Fedora_Core.xml
+++ b/public_html/pa-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Documentation.xml b/public_html/pa-IN/opds-Fedora_Documentation.xml
index 3237d13..9102512 100644
--- a/public_html/pa-IN/opds-Fedora_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
index 9c87c83..5b3e2f0 100644
--- a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Security_Team.xml b/public_html/pa-IN/opds-Fedora_Security_Team.xml
index 7ab7dbf..1b63558 100644
--- a/public_html/pa-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/pa-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>pa-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>pa-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/pa-IN/opds.xml b/public_html/pa-IN/opds.xml
index 78dc047..a020a99 100644
--- a/public_html/pa-IN/opds.xml
+++ b/public_html/pa-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pa-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pa-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pa-IN/toc.html b/public_html/pa-IN/toc.html
index d9c5611..3dcc5e0 100644
--- a/public_html/pa-IN/toc.html
+++ b/public_html/pa-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/pl-PL/Site_Statistics.html b/public_html/pl-PL/Site_Statistics.html
index d9cf964..51a67c0 100644
--- a/public_html/pl-PL/Site_Statistics.html
+++ b/public_html/pl-PL/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Razem języków: </b>45<br />
- <b>Razem pakietów: </b>906
+ <b>Razem pakietów: </b>907
</div>
</body>
</html>
diff --git a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
index 146529f..3ec1c70 100644
--- a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora.xml b/public_html/pl-PL/opds-Fedora.xml
index 7c292e7..219712e 100644
--- a/public_html/pl-PL/opds-Fedora.xml
+++ b/public_html/pl-PL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
index a821b13..c901c9a 100644
--- a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Dokumentacja dla współtwórców Fedory</title>
<subtitle>Dokumentacja dla współtwórców Fedory</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Core.xml b/public_html/pl-PL/opds-Fedora_Core.xml
index e182b2c..1f18618 100644
--- a/public_html/pl-PL/opds-Fedora_Core.xml
+++ b/public_html/pl-PL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Documentation.xml b/public_html/pl-PL/opds-Fedora_Documentation.xml
index 5e730b2..602472e 100644
--- a/public_html/pl-PL/opds-Fedora_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
index ad51679..02f5aea 100644
--- a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Security_Team.xml b/public_html/pl-PL/opds-Fedora_Security_Team.xml
index fa6b688..acfe3a8 100644
--- a/public_html/pl-PL/opds-Fedora_Security_Team.xml
+++ b/public_html/pl-PL/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>pl-PL</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>pl-PL</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/pl-PL/opds.xml b/public_html/pl-PL/opds.xml
index 53f8eb9..95fbad1 100644
--- a/public_html/pl-PL/opds.xml
+++ b/public_html/pl-PL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pl-PL/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pl-PL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:13</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Dokumentacja dla współtwórców Fedory</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pl-PL/toc.html b/public_html/pl-PL/toc.html
index d669f5b..2d1f7ed 100644
--- a/public_html/pl-PL/toc.html
+++ b/public_html/pl-PL/toc.html
@@ -1872,12 +1872,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Nieprzetłumaczone</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/pt-BR/Site_Statistics.html b/public_html/pt-BR/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/pt-BR/Site_Statistics.html
+++ b/public_html/pt-BR/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
index be2f31d..d5e8e49 100644
--- a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora.xml b/public_html/pt-BR/opds-Fedora.xml
index 71e1b35..46a054a 100644
--- a/public_html/pt-BR/opds-Fedora.xml
+++ b/public_html/pt-BR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
index d08cbc0..5ccea79 100644
--- a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Core.xml b/public_html/pt-BR/opds-Fedora_Core.xml
index 1819e82..03da623 100644
--- a/public_html/pt-BR/opds-Fedora_Core.xml
+++ b/public_html/pt-BR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Documentation.xml b/public_html/pt-BR/opds-Fedora_Documentation.xml
index 9a9ecb0..288486d 100644
--- a/public_html/pt-BR/opds-Fedora_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
index c52ea9c..e059c1e 100644
--- a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Security_Team.xml b/public_html/pt-BR/opds-Fedora_Security_Team.xml
index 60080d7..89ff734 100644
--- a/public_html/pt-BR/opds-Fedora_Security_Team.xml
+++ b/public_html/pt-BR/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>pt-BR</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>pt-BR</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/pt-BR/opds.xml b/public_html/pt-BR/opds.xml
index 651ba37..b3c0831 100644
--- a/public_html/pt-BR/opds.xml
+++ b/public_html/pt-BR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-BR/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-BR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pt-BR/toc.html b/public_html/pt-BR/toc.html
index 8d640cc..5ffc433 100644
--- a/public_html/pt-BR/toc.html
+++ b/public_html/pt-BR/toc.html
@@ -1809,12 +1809,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/pt-PT/Site_Statistics.html b/public_html/pt-PT/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/pt-PT/Site_Statistics.html
+++ b/public_html/pt-PT/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
index 2e21d06..bda9db0 100644
--- a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora.xml b/public_html/pt-PT/opds-Fedora.xml
index 06bf816..2b00d44 100644
--- a/public_html/pt-PT/opds-Fedora.xml
+++ b/public_html/pt-PT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
index 7eee6b4..624426f 100644
--- a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Core.xml b/public_html/pt-PT/opds-Fedora_Core.xml
index db3f4ba..3bebca5 100644
--- a/public_html/pt-PT/opds-Fedora_Core.xml
+++ b/public_html/pt-PT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Documentation.xml b/public_html/pt-PT/opds-Fedora_Documentation.xml
index 452efbe..6bdf67d 100644
--- a/public_html/pt-PT/opds-Fedora_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
index 8a97bf8..7e149ff 100644
--- a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Security_Team.xml b/public_html/pt-PT/opds-Fedora_Security_Team.xml
index 8442aa8..8757683 100644
--- a/public_html/pt-PT/opds-Fedora_Security_Team.xml
+++ b/public_html/pt-PT/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>pt-PT</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>pt-PT</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/pt-PT/opds.xml b/public_html/pt-PT/opds.xml
index f0a8d84..29cc58c 100644
--- a/public_html/pt-PT/opds.xml
+++ b/public_html/pt-PT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-PT/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-PT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:30</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pt-PT/toc.html b/public_html/pt-PT/toc.html
index 6e16e99..f6cd7b6 100644
--- a/public_html/pt-PT/toc.html
+++ b/public_html/pt-PT/toc.html
@@ -1799,12 +1799,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ro/Site_Statistics.html b/public_html/ro/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ro/Site_Statistics.html
+++ b/public_html/ro/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ro/opds-Community_Services_Infrastructure.xml b/public_html/ro/opds-Community_Services_Infrastructure.xml
index 274afbd..36f1fcc 100644
--- a/public_html/ro/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ro/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora.xml b/public_html/ro/opds-Fedora.xml
index e49373e..b4705c1 100644
--- a/public_html/ro/opds-Fedora.xml
+++ b/public_html/ro/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Contributor_Documentation.xml b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
index 3f8b308..786f907 100644
--- a/public_html/ro/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Core.xml b/public_html/ro/opds-Fedora_Core.xml
index b29eaa0..c692e75 100644
--- a/public_html/ro/opds-Fedora_Core.xml
+++ b/public_html/ro/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Documentation.xml b/public_html/ro/opds-Fedora_Documentation.xml
index c1f12f3..0d6f4a6 100644
--- a/public_html/ro/opds-Fedora_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Draft_Documentation.xml b/public_html/ro/opds-Fedora_Draft_Documentation.xml
index a150421..faaff9d 100644
--- a/public_html/ro/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Draft_Documentation.xml</id>
<title>Schiță Documentație Fedora</title>
<subtitle>Schiță Documentație Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Security_Team.xml b/public_html/ro/opds-Fedora_Security_Team.xml
index e29a43c..1ff6d9d 100644
--- a/public_html/ro/opds-Fedora_Security_Team.xml
+++ b/public_html/ro/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ro</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ro</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ro/opds.xml b/public_html/ro/opds.xml
index 1740db0..5781814 100644
--- a/public_html/ro/opds.xml
+++ b/public_html/ro/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ro/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ro/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Schiță Documentație Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ro/toc.html b/public_html/ro/toc.html
index 882edba..74c5e04 100644
--- a/public_html/ro/toc.html
+++ b/public_html/ro/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ru-RU/Site_Statistics.html b/public_html/ru-RU/Site_Statistics.html
index bb5f110..0de478b 100644
--- a/public_html/ru-RU/Site_Statistics.html
+++ b/public_html/ru-RU/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Всего языков: </b>45<br />
- <b>Всего пакетов: </b>906
+ <b>Всего пакетов: </b>907
</div>
</body>
</html>
diff --git a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
index 30ae0d6..96e8e12 100644
--- a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora.xml b/public_html/ru-RU/opds-Fedora.xml
index 71b6a5e..43392e6 100644
--- a/public_html/ru-RU/opds-Fedora.xml
+++ b/public_html/ru-RU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
index 14ef145..322e85f 100644
--- a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документация участника Fedora</title>
<subtitle>Документация участника Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Core.xml b/public_html/ru-RU/opds-Fedora_Core.xml
index 2e2427c..fc91b6c 100644
--- a/public_html/ru-RU/opds-Fedora_Core.xml
+++ b/public_html/ru-RU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Documentation.xml b/public_html/ru-RU/opds-Fedora_Documentation.xml
index be3e4a7..62c7646 100644
--- a/public_html/ru-RU/opds-Fedora_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
index 8016e65..6037dda 100644
--- a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Security_Team.xml b/public_html/ru-RU/opds-Fedora_Security_Team.xml
index e3a5700..508447a 100644
--- a/public_html/ru-RU/opds-Fedora_Security_Team.xml
+++ b/public_html/ru-RU/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ru-RU</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ru-RU</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ru-RU/opds.xml b/public_html/ru-RU/opds.xml
index 01bfb00..b7169ae 100644
--- a/public_html/ru-RU/opds.xml
+++ b/public_html/ru-RU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ru-RU/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ru-RU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документация участника Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ru-RU/toc.html b/public_html/ru-RU/toc.html
index dc5b4a1..4a585b7 100644
--- a/public_html/ru-RU/toc.html
+++ b/public_html/ru-RU/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Не переведено</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/sk-SK/Site_Statistics.html b/public_html/sk-SK/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/sk-SK/Site_Statistics.html
+++ b/public_html/sk-SK/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
index bd5a72d..b233bae 100644
--- a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora.xml b/public_html/sk-SK/opds-Fedora.xml
index 4885556..34ba60c 100644
--- a/public_html/sk-SK/opds-Fedora.xml
+++ b/public_html/sk-SK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
index 74f506f..d50445f 100644
--- a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Core.xml b/public_html/sk-SK/opds-Fedora_Core.xml
index 8cd2f72..6cff58d 100644
--- a/public_html/sk-SK/opds-Fedora_Core.xml
+++ b/public_html/sk-SK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Documentation.xml b/public_html/sk-SK/opds-Fedora_Documentation.xml
index 0d3bdcf..3cd181c 100644
--- a/public_html/sk-SK/opds-Fedora_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
index 1afe374..cd3b353 100644
--- a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Security_Team.xml b/public_html/sk-SK/opds-Fedora_Security_Team.xml
index 652f313..c92d6f1 100644
--- a/public_html/sk-SK/opds-Fedora_Security_Team.xml
+++ b/public_html/sk-SK/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>sk-SK</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>sk-SK</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/sk-SK/opds.xml b/public_html/sk-SK/opds.xml
index b7e641a..4c86b7b 100644
--- a/public_html/sk-SK/opds.xml
+++ b/public_html/sk-SK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sk-SK/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sk-SK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sk-SK/toc.html b/public_html/sk-SK/toc.html
index 93ac211..15e49e5 100644
--- a/public_html/sk-SK/toc.html
+++ b/public_html/sk-SK/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/sr-Latn-RS/Site_Statistics.html b/public_html/sr-Latn-RS/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/sr-Latn-RS/Site_Statistics.html
+++ b/public_html/sr-Latn-RS/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
index b809118..26dc321 100644
--- a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora.xml b/public_html/sr-Latn-RS/opds-Fedora.xml
index 1ae6e69..69012e1 100644
--- a/public_html/sr-Latn-RS/opds-Fedora.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
index 9958e0a..1e760c7 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Core.xml b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
index 5f52497..22590f8 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
index 96df684..91bdaf9 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
index 0e8b32b..ced2f77 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml b/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
index 885da7f..344981c 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>sr-Latn-RS</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>sr-Latn-RS</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/sr-Latn-RS/opds.xml b/public_html/sr-Latn-RS/opds.xml
index e678896..0b2f7d7 100644
--- a/public_html/sr-Latn-RS/opds.xml
+++ b/public_html/sr-Latn-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:14</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sr-Latn-RS/toc.html b/public_html/sr-Latn-RS/toc.html
index 4dc0553..1252562 100644
--- a/public_html/sr-Latn-RS/toc.html
+++ b/public_html/sr-Latn-RS/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/sr-RS/Site_Statistics.html b/public_html/sr-RS/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/sr-RS/Site_Statistics.html
+++ b/public_html/sr-RS/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
index 2f01f0e..7e93c78 100644
--- a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora.xml b/public_html/sr-RS/opds-Fedora.xml
index 6974d64..2d07437 100644
--- a/public_html/sr-RS/opds-Fedora.xml
+++ b/public_html/sr-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
index 342d36b..c23437f 100644
--- a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Core.xml b/public_html/sr-RS/opds-Fedora_Core.xml
index c6bcb25..b59212c 100644
--- a/public_html/sr-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Documentation.xml b/public_html/sr-RS/opds-Fedora_Documentation.xml
index ae25033..34b4962 100644
--- a/public_html/sr-RS/opds-Fedora_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
index e7ac06b..47a22ee 100644
--- a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Security_Team.xml b/public_html/sr-RS/opds-Fedora_Security_Team.xml
index ac92e58..b949998 100644
--- a/public_html/sr-RS/opds-Fedora_Security_Team.xml
+++ b/public_html/sr-RS/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>sr-RS</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>sr-RS</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/sr-RS/opds.xml b/public_html/sr-RS/opds.xml
index b23a4cd..6bc7914 100644
--- a/public_html/sr-RS/opds.xml
+++ b/public_html/sr-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-RS/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:31</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sr-RS/toc.html b/public_html/sr-RS/toc.html
index 65cef84..372a2d1 100644
--- a/public_html/sr-RS/toc.html
+++ b/public_html/sr-RS/toc.html
@@ -1809,12 +1809,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/sv-SE/Site_Statistics.html b/public_html/sv-SE/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/sv-SE/Site_Statistics.html
+++ b/public_html/sv-SE/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
index e0edef8..d1436a7 100644
--- a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora.xml b/public_html/sv-SE/opds-Fedora.xml
index 99365b2..ed53123 100644
--- a/public_html/sv-SE/opds-Fedora.xml
+++ b/public_html/sv-SE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
index d49749c..e6c02f8 100644
--- a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Core.xml b/public_html/sv-SE/opds-Fedora_Core.xml
index 8ad27c4..49c30a5 100644
--- a/public_html/sv-SE/opds-Fedora_Core.xml
+++ b/public_html/sv-SE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Documentation.xml b/public_html/sv-SE/opds-Fedora_Documentation.xml
index eaf493c..484847c 100644
--- a/public_html/sv-SE/opds-Fedora_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
index ead387e..0f0c305 100644
--- a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Security_Team.xml b/public_html/sv-SE/opds-Fedora_Security_Team.xml
index 3f856ac..6c493c1 100644
--- a/public_html/sv-SE/opds-Fedora_Security_Team.xml
+++ b/public_html/sv-SE/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>sv-SE</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>sv-SE</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/sv-SE/opds.xml b/public_html/sv-SE/opds.xml
index 87d02d5..6770739 100644
--- a/public_html/sv-SE/opds.xml
+++ b/public_html/sv-SE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sv-SE/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sv-SE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sv-SE/toc.html b/public_html/sv-SE/toc.html
index d73f6a0..5acc598 100644
--- a/public_html/sv-SE/toc.html
+++ b/public_html/sv-SE/toc.html
@@ -1845,12 +1845,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/ta-IN/Site_Statistics.html b/public_html/ta-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/ta-IN/Site_Statistics.html
+++ b/public_html/ta-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
index dd49848..19f9b69 100644
--- a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora.xml b/public_html/ta-IN/opds-Fedora.xml
index fe99c2c..69056be 100644
--- a/public_html/ta-IN/opds-Fedora.xml
+++ b/public_html/ta-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
index 1ac004e..4658f74 100644
--- a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Core.xml b/public_html/ta-IN/opds-Fedora_Core.xml
index 027594c..ed3c3c1 100644
--- a/public_html/ta-IN/opds-Fedora_Core.xml
+++ b/public_html/ta-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Documentation.xml b/public_html/ta-IN/opds-Fedora_Documentation.xml
index dec2fa7..316c1af 100644
--- a/public_html/ta-IN/opds-Fedora_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
index f2d26c1..59eb8ed 100644
--- a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Security_Team.xml b/public_html/ta-IN/opds-Fedora_Security_Team.xml
index 09e4829..c397d9d 100644
--- a/public_html/ta-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/ta-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>ta-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>ta-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/ta-IN/opds.xml b/public_html/ta-IN/opds.xml
index b2672e5..8b40d9c 100644
--- a/public_html/ta-IN/opds.xml
+++ b/public_html/ta-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ta-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ta-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ta-IN/toc.html b/public_html/ta-IN/toc.html
index 5ad5cec..afba876 100644
--- a/public_html/ta-IN/toc.html
+++ b/public_html/ta-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/te-IN/Site_Statistics.html b/public_html/te-IN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/te-IN/Site_Statistics.html
+++ b/public_html/te-IN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/te-IN/opds-Community_Services_Infrastructure.xml b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
index ec92686..76fb424 100644
--- a/public_html/te-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora.xml b/public_html/te-IN/opds-Fedora.xml
index 9d47d4f..d61830e 100644
--- a/public_html/te-IN/opds-Fedora.xml
+++ b/public_html/te-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
index ccfa080..8816062 100644
--- a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Core.xml b/public_html/te-IN/opds-Fedora_Core.xml
index b13190d..c453b2c 100644
--- a/public_html/te-IN/opds-Fedora_Core.xml
+++ b/public_html/te-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Documentation.xml b/public_html/te-IN/opds-Fedora_Documentation.xml
index 5e91444..8d96ff6 100644
--- a/public_html/te-IN/opds-Fedora_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
index b114d11..98d1259 100644
--- a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Security_Team.xml b/public_html/te-IN/opds-Fedora_Security_Team.xml
index 8aaf5db..dd5d91e 100644
--- a/public_html/te-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/te-IN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>te-IN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>te-IN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/te-IN/opds.xml b/public_html/te-IN/opds.xml
index 1e9365d..a8ecaf1 100644
--- a/public_html/te-IN/opds.xml
+++ b/public_html/te-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/te-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/te-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:15</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/te-IN/toc.html b/public_html/te-IN/toc.html
index e69bb39..9a908c4 100644
--- a/public_html/te-IN/toc.html
+++ b/public_html/te-IN/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/toc.html b/public_html/toc.html
index a4a4248..67444d1 100644
--- a/public_html/toc.html
+++ b/public_html/toc.html
@@ -4095,10 +4095,24 @@
<div class="product">
<span id="Fedora_Security_Team" class="product">Fedora Security Team</span>
<div class="versions">
- <div class="version">
- <span class="version">1</span> <div class="books">
+ <div class="books">
<div class="book">
+ <span id="Defensive_Coding" class="book">Defensive Coding</span>
+ <div class="types">
+
+ <a class="type" href="./en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">epub</a>
+
+ <a class="type" href="./en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html">html</a>
+
+ <a class="type" href="./en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html">html-single</a>
+
+ <a class="type" href="./en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf">pdf</a>
+
+ </div>
+ </div>
+
+ <div class="book">
<span id="Secure_Ruby_Development_Guide" class="book">Secure Ruby Development Guide</span>
<div class="types">
@@ -4113,7 +4127,7 @@
</div>
</div>
- </div> </div> <div class="books">
+ </div> <div class="books">
<div class="book">
<span id="Defensive_Coding" class="book">Defensive Coding</span>
diff --git a/public_html/uk-UA/Site_Statistics.html b/public_html/uk-UA/Site_Statistics.html
index 2d96599..77b727a 100644
--- a/public_html/uk-UA/Site_Statistics.html
+++ b/public_html/uk-UA/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Загалом мов: </b>45<br />
- <b>Загалом пакунків: </b>906
+ <b>Загалом пакунків: </b>907
</div>
</body>
</html>
diff --git a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
index 4927dce..78030ff 100644
--- a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora.xml b/public_html/uk-UA/opds-Fedora.xml
index d2bc6e6..0e859db 100644
--- a/public_html/uk-UA/opds-Fedora.xml
+++ b/public_html/uk-UA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
index cbe1fe9..e0f2cc2 100644
--- a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документація для учасника розробки Fedora</title>
<subtitle>Документація для учасника розробки Fedora</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Core.xml b/public_html/uk-UA/opds-Fedora_Core.xml
index a66ab36..5d056fb 100644
--- a/public_html/uk-UA/opds-Fedora_Core.xml
+++ b/public_html/uk-UA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Documentation.xml b/public_html/uk-UA/opds-Fedora_Documentation.xml
index 07b7f7a..e765627 100644
--- a/public_html/uk-UA/opds-Fedora_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
index ae8332c..c316a34 100644
--- a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Draft_Documentation.xml</id>
<title>Чернетки документації з Fedora</title>
<subtitle>Чернетки документації з Fedora</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Security_Team.xml b/public_html/uk-UA/opds-Fedora_Security_Team.xml
index 59b87c4..ecbe1b6 100644
--- a/public_html/uk-UA/opds-Fedora_Security_Team.xml
+++ b/public_html/uk-UA/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>uk-UA</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>uk-UA</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/uk-UA/opds.xml b/public_html/uk-UA/opds.xml
index ccccadd..2adef87 100644
--- a/public_html/uk-UA/opds.xml
+++ b/public_html/uk-UA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/uk-UA/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/uk-UA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документація для учасника розробки Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Чернетки документації з Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/uk-UA/toc.html b/public_html/uk-UA/toc.html
index 3a6a6d6..79b127f 100644
--- a/public_html/uk-UA/toc.html
+++ b/public_html/uk-UA/toc.html
@@ -1812,12 +1812,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Не перекладено</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/zh-CN/Site_Statistics.html b/public_html/zh-CN/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/zh-CN/Site_Statistics.html
+++ b/public_html/zh-CN/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
index 27bd77e..4617ffe 100644
--- a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora.xml b/public_html/zh-CN/opds-Fedora.xml
index 0c49a66..d3af003 100644
--- a/public_html/zh-CN/opds-Fedora.xml
+++ b/public_html/zh-CN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
index ae27fa4..ea5f06d 100644
--- a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Core.xml b/public_html/zh-CN/opds-Fedora_Core.xml
index b82da0c..1b26c80 100644
--- a/public_html/zh-CN/opds-Fedora_Core.xml
+++ b/public_html/zh-CN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Documentation.xml b/public_html/zh-CN/opds-Fedora_Documentation.xml
index f206817..9fdeb76 100644
--- a/public_html/zh-CN/opds-Fedora_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
index 88c724f..2e11338 100644
--- a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Security_Team.xml b/public_html/zh-CN/opds-Fedora_Security_Team.xml
index 51981e1..a250adf 100644
--- a/public_html/zh-CN/opds-Fedora_Security_Team.xml
+++ b/public_html/zh-CN/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>zh-CN</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>zh-CN</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/zh-CN/opds.xml b/public_html/zh-CN/opds.xml
index 68d27ae..4d136a1 100644
--- a/public_html/zh-CN/opds.xml
+++ b/public_html/zh-CN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-CN/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-CN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:32</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/zh-CN/toc.html b/public_html/zh-CN/toc.html
index 465cb77..3ddfde9 100644
--- a/public_html/zh-CN/toc.html
+++ b/public_html/zh-CN/toc.html
@@ -1870,12 +1870,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
diff --git a/public_html/zh-TW/Site_Statistics.html b/public_html/zh-TW/Site_Statistics.html
index 02caf19..bbbf9bd 100644
--- a/public_html/zh-TW/Site_Statistics.html
+++ b/public_html/zh-TW/Site_Statistics.html
@@ -28,7 +28,7 @@
<td>7</td>
<td>45</td>
<td>22</td>
- <td>166</td>
+ <td>167</td>
</tr>
<tr>
@@ -430,7 +430,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>45<br />
- <b>Total Packages: </b>906
+ <b>Total Packages: </b>907
</div>
</body>
</html>
diff --git a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
index 8d53d3a..40c1294 100644
--- a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora.xml b/public_html/zh-TW/opds-Fedora.xml
index ed5ef09..0208980 100644
--- a/public_html/zh-TW/opds-Fedora.xml
+++ b/public_html/zh-TW/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
index 0799e64..0a407b0 100644
--- a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Core.xml b/public_html/zh-TW/opds-Fedora_Core.xml
index 82ac80b..2bf23c0 100644
--- a/public_html/zh-TW/opds-Fedora_Core.xml
+++ b/public_html/zh-TW/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Documentation.xml b/public_html/zh-TW/opds-Fedora_Documentation.xml
index 04fa886..b73e248 100644
--- a/public_html/zh-TW/opds-Fedora_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
index 7064195..bb1099d 100644
--- a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Security_Team.xml b/public_html/zh-TW/opds-Fedora_Security_Team.xml
index 393da07..b94ac2b 100644
--- a/public_html/zh-TW/opds-Fedora_Security_Team.xml
+++ b/public_html/zh-TW/opds-Fedora_Security_Team.xml
@@ -6,13 +6,31 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Defensive Coding</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2014-07-21</updated>
+ <dc:language>zh-TW</dc:language>
+ <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Improving Software Security</summary>
+ <content type="text">This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Secure Ruby Development Guide</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Secure_Ruby_Development_Guide/Fedora_Security_Team-1-Secure_Ruby_Development_Guide-en-US.epub</id>
<!--author>
@@ -21,7 +39,7 @@
</author-->
<updated>2014-07-14</updated>
<dc:language>zh-TW</dc:language>
- <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
<summary>Guide to secure software development in Ruby</summary>
<content type="text">This guide covers security aspects of software development in Ruby.</content>
diff --git a/public_html/zh-TW/opds.xml b/public_html/zh-TW/opds.xml
index a3a73b0..d3e82f5 100644
--- a/public_html/zh-TW/opds.xml
+++ b/public_html/zh-TW/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-TW/opds.xml</id>
<title>Product List</title>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-TW/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora/opds-Fedora.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-07-14T17:17:16</updated>
+ <updated>2014-07-21T13:54:33</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/zh-TW/toc.html b/public_html/zh-TW/toc.html
index 6e9a2e6..736e179 100644
--- a/public_html/zh-TW/toc.html
+++ b/public_html/zh-TW/toc.html
@@ -1800,12 +1800,19 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora_Security_Team');work=1;">
<span class="product">Fedora Security Team</span>
<div id='Fedora_Security_Team' class="versions hidden">
- <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');">
- <span class="version">1</span>
- <div id='Fedora_Security_Team.1.books' class="books hidden">
+ <div id='Fedora_Security_Team.1' class="version collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.books');"> <div id='Fedora_Security_Team.1.books' class="books">
<div id='Fedora_Security_Team.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Security_Team.1.untrans_books');">
<span class="version">Untranslated</span>
<div id='Fedora_Security_Team.1.untrans_books' class="books hidden">
+ <div id='Fedora_Security_Team.1.Defensive_Coding' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Defensive_Coding.types');">
+ <a class="type" href="../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html'"><span class="book">Defensive Coding</span></a>
+ <div id='Fedora_Security_Team.1.Defensive_Coding.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html/Defensive_Coding/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/html-single/Defensive_Coding/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types');">
<a class="type" href="../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html'"><span class="book">Secure Ruby Development Guide</span></a>
<div id='Fedora_Security_Team.1.Secure_Ruby_Development_Guide.types' class="types hidden" onclick="work=0;">
More information about the docs-commits
mailing list