Hi, i want to know which are the main security issues that i must remember when i develop a file transfer program.
You're allowing a user to read and write files remotely. The main consideration is always going to be "who can read/write what?". You don't want someone being able to overwrite some important system file, or steal private data which they shouldn't have access to.
As a networked program, you need to consider the fact that you are passing potentially sensitive information across the wire. How are you going to stop people being able to gain access to this, or malicious inject data into it?
How do you authenticate users? How do you ensure that you are really talking to the host you think you are talking to and not somebody else pretending to be that host?
The final consideration is a general one, but what happens if you get it wrong? How do you minimize the potential damage that could be caused if you have a bug in any of the code enforcing your security model?
Since the question is very general, I will list some issues which you should get more insight in.
Software Security
- Buffer overflows
- Integer overflows
- ...(All the classic programming errors)
Network Security
- Transport security
Access control
- Who is allowed to do what with which objects in what case