Secure Code Wiki: A website of secure coding best practices


For the advancement of knowledge and education, and of science and technology in general, it has always been of the utmost importance to implement better and more effective actions, measures or recommendations (good practices) in order to achieve the ultimate goal of bringing any activity or process to fruition.

Programming, or software development, like any other IT and professional activity, has its own "good practices" associated with many areas, especially those related to the cybersecurity of the software products produced. In this post we present some «secure coding good practices» from an interesting and useful website called "Secure Code Wiki", which covers both free and open development platforms and private and closed ones.


Before getting into the subject, as usual, we leave below some links to previous publications related to the topic of «good practices in programming or software development».

"… Good practices conceived and disseminated by the "Code for Development Initiative" of the Inter-American Development Bank, on the scope of software licensing, which must be taken into account when developing software products (digital tools), especially free and open ones." Licenses for the development of Free and Open Software: Good practices

Related article: Licenses for the development of Free and Open Software: Good practices
Related article: Technical quality: Good practices in Free Software development
Related article: Documentation: Good practices for developing free and open software

Secure Code Wiki: Good secure coding practices

What is Secure Code Wiki?

As the site's own text says:

"Secure Code Wiki is a culmination of secure coding practices for a wide range of languages."

These good practices and the "Secure Code Wiki" website were created and are maintained by an Indian organization called Payatu.

Examples of good practices by type of programming language

Since the website is in English, we will show some examples of secure coding for various programming languages, some free and open and others private and closed, offered by the website, in order to explore the potential and quality of its content.

In addition, it is important to highlight that the good practices shown cover the following development platforms:

  • .NET
  • Java
  • Java for Android
  • Kotlin
  • NodeJS
  • Objective C
  • PHP
  • Python
  • Ruby
  • Swift
  • WordPress

They are divided into the following categories for desktop languages:

  • A1 - Injection
  • A2 - Broken Authentication
  • A3 - Sensitive Data Exposure
  • A4 - XML External Entities (XXE)
  • A5 - Broken Access Control
  • A6 - Security Misconfiguration
  • A7 - Cross-Site Scripting (XSS)
  • A8 - Insecure Deserialization
  • A9 - Using Components with Known Vulnerabilities
  • A10 - Insufficient Logging and Monitoring

And into the following categories for mobile languages:

  • M1 - Improper Platform Usage
  • M2 - Insecure Data Storage
  • M3 - Insecure Communication
  • M4 - Insecure Authentication
  • M5 - Insufficient Cryptography
  • M6 - Insecure Authorization
  • M7 - Client Code Quality
  • M8 - Code Tampering
  • M9 - Reverse Engineering
  • M10 - Extraneous Functionality

Example 1: .NET (A1 - Injection)

Using an object-relational mapper (ORM) or stored procedures is the most effective way to counter the SQL injection vulnerability.

Example 2: Java (A2 - Broken Authentication)

Wherever possible, implement multi-factor authentication to prevent automated attacks, credential stuffing, brute force, and reuse of stolen credentials.

Example 3: Java for Android (M3 - Insecure Communication)

It is essential to apply SSL/TLS to the transport channels that the mobile application uses to transmit sensitive information, session tokens or other sensitive data to a backend API or web service.

Example 4: Kotlin (M4 - Insecure Authentication)

Avoid weak patterns

Example 5: NodeJS (A5 - Broken Access Control)

The model's access controls should enforce record ownership, rather than allowing the user to create, read, update or delete any record.

Example 6: Objective C (M6 - Insecure Authorization)

Applications should avoid using guessable numbers as an identifying reference.
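
The practices in Examples 5 and 6, sketched together in Python as an added example (not code from Secure Code Wiki or from this post): a model layer that checks record ownership on every operation and hands out random references instead of sequential numbers. The NoteStore class, its methods and the user names are hypothetical.

```python
import secrets


class Forbidden(Exception):
    """Raised when a caller references a record they do not own."""


class NoteStore:
    """Hypothetical in-memory model; every operation is scoped to an owner."""

    def __init__(self):
        self._rows = {}  # note_id -> {"owner": str, "text": str}

    def create(self, user, text):
        # Random 128-bit reference instead of a sequential, guessable number.
        note_id = secrets.token_urlsafe(16)
        self._rows[note_id] = {"owner": user, "text": text}
        return note_id

    def _owned(self, user, note_id):
        row = self._rows.get(note_id)
        # Same error for "missing" and "not yours", so ids cannot be probed.
        if row is None or row["owner"] != user:
            raise Forbidden("no such note for this user")
        return row

    def read(self, user, note_id):
        return self._owned(user, note_id)["text"]

    def update(self, user, note_id, text):
        self._owned(user, note_id)["text"] = text

    def delete(self, user, note_id):
        self._owned(user, note_id)
        del self._rows[note_id]


def can_access(store, user, note_id):
    """True only when `user` owns `note_id`."""
    try:
        store.read(user, note_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    store = NoteStore()
    nid = store.create("alice", "payroll draft")
    print(can_access(store, "alice", nid), can_access(store, "bob", nid))
```

The random reference only makes identifiers hard to guess; the ownership check in `_owned` is what actually denies access when an identifier leaks.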

Example 7: PHP (A7 - Cross-Site Scripting)

Encode all special characters using htmlspecialchars() or htmlentities() [if it is within html tags].

Example 8: Python (A8 - Insecure Deserialization)

The pickle and jsonpickle modules are not safe; never use them to deserialize untrusted data.
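
Why Example 8 holds, as an added example that is not taken from Secure Code Wiki: a pickle stream can name a callable for the loader to run, so untrusted input should go through a data-only format such as JSON with an explicit shape check. The profile fields, the harmless CallsOnLoad sample and the no-globals unpickler (a fallback for code that cannot drop pickle yet) are assumptions made for illustration.

```python
import io
import json
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain built-in containers load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_restricted(data):
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def load_profile(raw):
    """Preferred for untrusted input: parse JSON, then check the shape."""
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) != {"name", "age"}:
        raise ValueError("unexpected fields")
    if not isinstance(obj["name"], str) or type(obj["age"]) is not int:
        raise ValueError("unexpected types")
    return obj


class CallsOnLoad:
    """Constructed, harmless sample: its pickle tells the loader to call sorted()."""

    def __reduce__(self):
        return (sorted, ([3, 1, 2],))


def demo():
    blob = pickle.dumps(CallsOnLoad())
    plain = pickle.loads(blob)  # the stream chose a callable and it ran
    try:
        load_restricted(blob)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    data_only = load_restricted(pickle.dumps({"name": "ana", "age": 30}))
    return plain, blocked, data_only


if __name__ == "__main__":
    print(demo())
    print(load_profile('{"name": "ana", "age": 30}'))
```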

Example 9: Python (A9 - Using Components with Known Vulnerabilities)

Run the application with the least privileged user

Example 10: Swift (M10 - Extraneous Functionality)

Remove hidden backdoor functionality or other internal development security controls that are not intended to be released in a production environment.

Example 11: WordPress (XML-RPC Disable)

XML-RPC is a WordPress feature that allows data to be transferred between WordPress and other systems. Today it has been largely superseded by the REST API, but it is still included in installations for backward compatibility. If it is enabled in WordPress, an attacker can perform brute force attacks, pingback (SSRF) attacks, and others.
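
A check a site operator can run for Example 11, as an added example that is not part of Secure Code Wiki or of this post: scan a web access log for POST requests to xmlrpc.php, list the clients sending many of them, and report whether the endpoint still answers. The common/combined log format, the threshold of 3 and the sample lines are assumptions; the sample is constructed.

```python
import re
from collections import Counter

# Prefix of the common/combined access-log format: client, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def xmlrpc_posts(lines):
    """Yield (client, status) for every POST to an xmlrpc.php endpoint."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0].rstrip("/")
        if method == "POST" and path.endswith("/xmlrpc.php"):
            yield client, int(status)


def noisy_clients(lines, threshold=3):
    """Clients with at least `threshold` XML-RPC POSTs (threshold is an assumption)."""
    counts = Counter(client for client, _ in xmlrpc_posts(lines))
    return sorted(c for c, n in counts.items() if n >= threshold)


def endpoint_answers(lines):
    """True if any XML-RPC POST got a 2xx reply, i.e. the endpoint is not blocked."""
    return any(200 <= status < 300 for _, status in xmlrpc_posts(lines))


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(noisy_clients(SAMPLE), endpoint_answers(SAMPLE))
```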


Conclusion

We hope that this "useful little post" about the website called «Secure Code Wiki», which offers valuable content related to «secure coding good practices», is of great interest and use to the entire «Free Software and Open Source Community» and contributes greatly to the spread of the wonderful, gigantic and growing ecosystem of «GNU/Linux» applications.

For now, if you liked this post, do not stop sharing it with others on your favorite websites, channels, groups or communities on social networks or messaging systems, preferably free, open and/or more secure ones such as Telegram, Signal, Mastodon or another from the Fediverse.

And remember to visit our home page at «DesdeLinux» to explore more news, and to join our official DesdeLinux Telegram channel. For more information, you can visit any online library such as OpenLibra and JedIT to access and read digital books (PDFs) on this topic or others.



  1.   lux m

    Interesting article, it should be mandatory for every developer.