GitHub/school-of-sre
1
0
Fork 0
mirror of https://github.com/linkedin/school-of-sre synced 2026-01-20 07:28:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deployed 52e7ed5 with MkDocs version: 1.1.2

Browse Source
This commit is contained in:
github-actions
2021-02-24 16:02:49 +00:00
parent 65fe7bf20b
commit bc0f89d4c8
22 changed files with 629 additions and 625 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
security/fundamentals/index.html
View File

@@ -1516,15 +1516,16 @@
<ul>
<li>Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not.</li>
</ul>
<p><div class="highlight"><pre><span></span><code><span class="n">is_admin</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span>
<span class="k">try</span> <span class="p">{</span>
<span class="n">code_which_may_faile</span><span class="p">();</span>
<span class="n">is_admin</span> <span class="o">=</span> <span class="n">is_user_assigned_role</span><span class="p">(</span><span class="s">&quot;Adminstrator&quot;</span><span class="p">);</span>
<span class="p">}</span>
<span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">err</span><span class="p">)</span> <span class="p">{</span>
<span class="n">log</span><span class="p">.</span><span class="na">error</span><span class="p">(</span><span class="n">err</span><span class="p">.</span><span class="na">toString</span><span class="p">());</span>
<span class="p">}</span>
</code></pre></div>
<p>```</p>
<p>is_admin = true;
try {
code_which_may_faile();
is_admin = is_user_assigned_role("Adminstrator");
}
catch (Exception err) {
log.error(err.toString());
}</p>
<p>```
- If either codeWhichMayFail() or isUserInRole fails or throws an exception, the user is an admin by default. This is obviously a security risk.</p>
</li>
<li>
@@ -1596,14 +1597,17 @@
<ul>
<li>Ciphers are the cornerstone of cryptography. A cipher is a set of algorithms that performs encryption or decryption on a message. An encryption algorithm (E) takes a secret key (k) and a message (m) and produces a ciphertext (c). Similarly, a Decryption algorithm (D) takes a secret key (K) and the previous resulting Ciphertext (C). They are represented as follows:</li>
</ul>
<div class="highlight"><pre><span></span><code>E(k,m) = c
<pre><code>
E(k,m) = c
D(k,c) = m
</code></pre></div>
</code></pre>
<ul>
<li>This also means that for it to be a cipher, it must satisfy the consistency equation as follows, making it possible to decrypt.</li>
</ul>
<div class="highlight"><pre><span></span><code>D(k,E(k,m)) = m
</code></pre></div>
<pre><code>
D(k,E(k,m)) = m
</code></pre>
<p>Stream Ciphers:</p>
<ul>
<li>The message is broken into characters or bits and enciphered with a key or keystream(should be random and generated independently of the message stream) that is as long as the plaintext bitstream.</li>