I’ve been wondering about this for a while after reading through an interesting article a while ago (probably old news for some of you here) about a technique which one could use to introduce intrinsically hidden backdoors in compilers (article here). Another interesting article: (Did NSA Put a Secret Backdoor in New Encryption Standard?).
Which other methods can you think of that could threaten data security (in the broad sense) and could go unnoticed for a (very) long time?
I’m making this community wiki. Let the paranoia go!
This may not be a complicated one, but doing an assign operation instead of a comparison could be a big hole that’s easily overlooked:
if (userRole = "admin") { ... }instead of:
if (userRole == "admin") { ... }Lately, I’ve taken to putting my constant or literal as the first part of the conditional, like so:
if ("admin" == userRole) { ... }So that if I ever mess up the comparison operator, the code will bomb right then and there during testing, instead of silently giving the user “admin” privileges.