The Robustness Principle (Postel's Law)
Principles 06.08.2023

The Robustness Principle on Wikipedia

Be conservative in what you do, be liberal in what you accept from others.

Often applied in server application development, this principle states that what you send to others should be as minimal and conformant as possible, but you should aim to allow non-conformant input if it can be processed.

The goal of this principle is to build systems which are robust, as they can handle poorly formed input if the intent can still be understood. However, there are potentially security implications of accepting malformed input, particularly if the processing of such input is not well tested. These implications and other issues are described by Eric Allman in The Robustness Principle Reconsidered.
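To make the security concern concrete, here is an added example (not from the original page) that compares a liberal and a strict receiver for a decimal length field. It assumes a grammar of ASCII digits only, as HTTP defines for Content-Length; the function names and sample values are constructed for illustration.

```python
import re

# Assumed grammar for the field: 1*DIGIT, ASCII digits only.
_STRICT = re.compile(r"[0-9]+")


def parse_liberal(value: str) -> int:
    """Postel-style receiver: accept whatever int() can make sense of."""
    return int(value)


def parse_strict(value: str) -> int:
    """Conservative receiver: accept exactly the grammar, reject the rest."""
    if not _STRICT.fullmatch(value):
        raise ValueError(f"non-conformant length field: {value!r}")
    return int(value)


def emit(length: int) -> str:
    """Conservative sender: always produce the single canonical form."""
    if length < 0:
        raise ValueError("length must be non-negative")
    return str(length)


# Constructed sample field values, as they might arrive from a peer.
SAMPLES = ["42", " 42", "+42", "4_2", "\uff14\uff12", "42\n", "0x2A"]


def _attempt(parser, value):
    try:
        return parser(value)
    except ValueError:
        return None  # None means the receiver rejected the input


def compare(samples):
    """Map each value to (liberal result, strict result)."""
    return {v: (_attempt(parse_liberal, v), _attempt(parse_strict, v))
            for v in samples}


def disagreements(samples):
    """Values that one receiver accepts and the other rejects."""
    return [v for v, (lib, strict) in compare(samples).items() if lib != strict]


if __name__ == "__main__":
    for value, (lib, strict) in compare(SAMPLES).items():
        print(f"{value!r:10} liberal={lib!r:5} strict={strict!r}")
```

Every value in `disagreements(SAMPLES)` is one where two implementations of the same protocol would see different messages; the strict receiver turns that ambiguity into an explicit, testable rejection.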

Allowing non-conformant input, in time, may undermine the ability of protocols to evolve as implementors will eventually rely on this liberality to build their features.

See Also: Hyrum's Law