Question: For my question I have two samples of my code. I need to know what vulnerability I've got in each of them, how this could

For my question I have two samples of my code. I need to know what vulnerability I've got in each of them, how this could potentially be exploited by an attacker, as well as what fixes I could implement to fix it. Can you please include the fixes written in C?

Part one of code:

#include string.h #define BUFFER LENGTH 15 void chk permission(char *str) { char buf[BUFFER LENGTH]; int pass = 0; strcpy(buf,Buffer); if(strcmp(buf, savedPassword) == 0) //match found { pass = 1; } if(pass) { grant permission(); } } int main (int argc, char argv) { chk permission(argv[1]); }

part 2 of code: (Pretty sure this is vulnerable to sql injection attack, but please let me know if I am right)

public static void main( String args[] ) { try { //... Database connection created and established .... ...// String sql query = session.createQuery(SELECT * FROM accounts WHERE custID= + request.getParameter(id) + ); stmt.executeQuery(sql query); c.commit(); } catch ( Exception e ) { System.exit(0); } }

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

from the following podcast pick one of the podcasts and briefly provide some thoughts on it in the context of the topic of leadership. PODCAST Support for this podcast and the following message comes...

Question: Analyze the actions of Ranbaxy Laboratories and US Food and Drug Administration (FDA) using the following concept 1. Leadership behavior 1. The assignment On the morning of Aug. 18, 2004,...

Are there are any errors in their data analysis with regard to the chosen tests and/or conclusions? Provide brief comments. 2) Based on the research objectives stated in the teams report, did the...

Please help me with Question 2! Language is python. Below is the question and code for question 2, as well as number one to reference. Any help is greatly appreciated! Thanks! Question 2 Code to...

the language to do out this code is python. Create a dictionary to count the number of words in the book. Use the stop_words_english to remove any stop words found in the book. Remove all...

HBR.ORG The Real Leadership Lessons of Steve Jobs Six months after Jobs's death, the author of his best-selling biography identifies the practices that every CEO can try to emulate. by Walter...

Confirming Pages C H A P T E R 19 Analyzing Information and Writing Reports Chapter Outline Using Your Time Efficiently Analyzing Data and Information for Reports Identifying the Source of the Data...

Help Needed! Please help me with Question 2! Language is python. Below is the question and code for question 2, as well as number one to reference. Any help is greatly appreciated! Thanks! Question 2...

Return Predictability along the Supply Chain F.AJ inancial Analysts Journal Volume 66 . Number 3 @2010 CFA Institute these two studies were based on the idea that the 2007, the last month for which...

Write a program that merges two lists. Let L1 = [1, 2, 3] and L2 = [10, 20, 30] be two lists. Write a program that merges L1 with L2. After the merge, contents of L1 will be: L1=[1, 2, 3, 10, 20 30]...

Question 3 What is wrong with the following orbital spin diagram? tt 1s O One arrow should be in the 1s and one arrow should be in the 1p. One arrow should be pointing up and one arrow should be...

Question 2 3 pts Which of the following events would make it more ibely that a company would call its outstanding callable bonds? Merket interest rates decliese aharple. Intarion increases...

Scenario: A Multi-national Corporation called The Globe has created a subsidiary called Thirst in an under-developed country called non-potable waters. This hosting country suffers from a severe...

a lack of management responsibility concerning ecological issues and the utilization of scarce resources.

a neglect of quality in relationship to international competitors;

full employment policies, and therefore lack of concern with negative appraisal, as salaries varied very little and there was no danger of unemployment;