Most server usage would be as plugin (ISAPI, apache module or the like) to a standard webserver, which obviously shields a bit.
For webservers a thing that you can do is to create a CGI application, and then use the linux priviledge system to restrict access to the filesystem and even to certain syscalls. For example if you have a service that should never read any files, you can simply completely disable the open syscall. I can really recommend the talk from 37c3:
https://www.youtube.com/watch?v=TaE28fJVPTk Note that in this talk there are absolutely no assumptions about code quality, the code could have massive security vulnerabilities everywhere and it's solely on how to restrict access so an attacker can't do anything with that
But the problem is here you need to be really dedicated to this, both during development to have a clear picture on what functions are used and how you can restrict things, but also in the system administration to enforce these things.
So in a general project where you don't know who will work on the software and who will host this, it is not really widely applicable. Especially as soon as software goes "enterprise", you can't make many assumptions anymore on who works on which parts with what competences (as enterprise is designed to have everything easiely replacable).
But for personal projects I highly recommend doing something like this at least once, just to learn what you can do with your system.
Hello,
working with FPC or Delphi I found often these problems/mistakes with classes/objects: calling methods on nil objects; or, opposite, calling methods on destroyed, but not nil, objects.
Of course in the second case one could, and should, always use FreeAndNil. Although the compiler not prohibits simple Free, and not warns about it.
Are there other memory safety problems using classes?
Miscasts:
var
o: TObject;
begin
o := TStringList.Create;
TMemoryStream(o).WriteByte(42);
end.
Of course this is a constructed example, but you will often have to "downcast" data, e.g. to send data through a polymorphic interface (Application.QueueAsyncCall) or for storing in unspecified memory (e.g. Tag property of controls).
So a common mistake is when you put at some point some ohter data in there than expected and you then miscast
And generally as this topic also diverges a bit into advice for avoiding memory leaks, there is only one real way: Testing, testing and more testing. And use heaptrc (with keepreleased=true to detect use-after-free) or valgrind for your tests to detect memory errors.
We all hate to write tests but they are really useful.
Recent
