Prompt
When implementing security measures, always err on the side of caution by making conservative assumptions about potential risks. This principle applies across multiple security contexts:
Taint Analysis: If there’s any execution path where data could become tainted, treat it as tainted. Use may-analysis approaches that assume the worst-case scenario rather than trying to prove safety.
Capability Restriction: Limit access rights to the absolute minimum necessary. Don’t pass unnecessary capabilities to callbacks or sub-components, even if they’re currently unused.
Resource Protection: Implement defensive measures like timeouts to prevent resource exhaustion, even in contexts where attacks seem unlikely.
Example from taint analysis:
def process_data(user_input):
try:
safe_data = validate(user_input)
result = process(safe_data)
except ValidationError:
result = user_input # This path taints result
# Treat result as tainted due to exception path
return sanitize(result)
This conservative approach helps prevent security vulnerabilities by assuming potential attack vectors exist rather than trying to prove they don’t.