Karlos Posted February 13, 2009

Well, me and Eternal are having a conversation on MSN and he is saying %u in a sprintf() is insecure. But I always believed it was secure. I am still adamant that %u is secure, but I'm posting here so we can discuss it and others can share their input. But as far as I know and learnt, %u is secure... Anyone care to share info?
Eternal Posted February 13, 2009

Re: sprintf() Query..

I may be wrong a little. But I think I was in another convo with some coder, non-mccode related, where we were talking about how sprintf and its variables can be insecure.
Floydian Posted February 13, 2009

Re: sprintf() Query..

It's neither secure nor insecure. The governing factor here is context. An unsigned integer has benefits for sure, but consider this: you have a script where you buy an item in quantity. You pass in the item id and the quantity. The script calculates total cost, checks if you have enough, and then subtracts that amount. For brevity, let's skip ahead of some of the preliminaries and get to the meat of the script.

```php
/*
Posted vars:
  $item_id
  $quantity

Result from query:
  $cost
  $users_money
*/

// Total cost is computed straight from the posted quantity.
$total_cost = $quantity * $cost;

if ($users_money < $total_cost) {
    die('not enough cash');
} else {
    // Deduct the total from the user's money (closing parenthesis added; it was missing in the post).
    mysql_query(sprintf('update users set money = money - %u where userid = %d', $total_cost, $userid));
}
```

What could be the problem here? What if the quantity the person put in was negative? $total_cost would then be a negative number. The user would presumably always have more cash than a negative amount. Therefore, in this context, the code, holistically, is insecure. Definition of holistic: specifically definition #2.

There is however nothing wrong with the sprintf function call or the params passed into it. The problem, potentially, is blindly relying on a single portion of code to provide security to the whole. It just doesn't work that way, I'm afraid.
Karlos Posted February 13, 2009 (Author)

Re: sprintf() Query..

So okay, it's not secure but neither insecure. I can understand that. I never rely on one part of the code to secure it; you have to go through the whole thing. So the idea is that it's better to use %d because it's a signed integer, so the user the person puts in will be above 0, and I'm also guessing that none of the params are secure or insecure?
AlabamaHit Posted February 13, 2009

Re: sprintf() Query..

Basically it's not to "secure", it's to "verify" the sent data. It is safer to use sprintf rather than not.
Karlos Posted February 13, 2009 (Author)

Re: sprintf() Query..

No offence intended here, but I gathered that really.
AlabamaHit Posted February 13, 2009

Re: sprintf() Query..

No offense taken. Then I don't understand what you want to know? lol. Explain what it is you want to know? No one can tell you when it's better for you to use a signed or unsigned in your game "coding", because we have no idea what is behind everything. For example, %u is fine if you already change certain variables..... Best thing would be to read up on it a few more times. I'm sure you will get it. Just try to get what the variables do...
Floydian Posted February 14, 2009

Re: sprintf() Query..

> So the idea is that it's better to use %d because it's a signed integer so the user the person puts in will be above 0 [snipped]

A signed integer can be positive or negative. %u, an unsigned integer, is always positive. It doesn't matter if you use %d or %u. Neither one is better or worse, secure or insecure. Again, what matters is larger than the subtle distinctions between sprintf's formatters.

Here's what most people seem to miss: sprintf() is used to format a string. That's it. It's not magic; it's not Fort Knox; it just formats a string.
Guest Anonymous Posted February 17, 2009

Re: sprintf() Query..

> .... %u, an unsigned integer, is always positive. It doesn't matter if you use %d or %u.

Best check the source to sprintf to verify that statement... You might be surprised.
Karlos Posted February 17, 2009 (Author)

Re: sprintf() Query..

To clarify, are you talking about "It doesn't matter if you use %d or %u.", that part in particular?
POG1 Posted February 17, 2009

Re: sprintf() Query..

string print format. It does exactly what it says on the tin :)
Floydian Posted February 17, 2009

Re: sprintf() Query..

> > .... %u, an unsigned integer, is always positive. It doesn't matter if you use %d or %u.
>
> Best check the source to sprintf to verify that statement... You might be surprised.

I don't know C++, unfortunately. But the manual does say: "u - the argument is treated as an integer, and presented as an unsigned decimal number." I'll amend what I said previously and replace it with that.
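An added example (not code from the thread) that puts Floydian's negative-quantity scenario and the %u behaviour the Guest hinted at side by side, without a database: the query string is built and returned instead of executed, and the cost, balance and user id are constructed sample values. The hardened variant assumes a quantity range of 1 to 1000; adjust it to your game.

```php
<?php
// Vulnerable version, mirroring the thread's snippet: the posted quantity is trusted as-is.
// A negative quantity makes $total_cost negative, the "not enough cash" check passes,
// and %u renders that negative value as a large unsigned number on 64-bit PHP
// (the manual's "treated as an integer, presented as an unsigned decimal number").
function buy_vulnerable(string $quantity, int $cost, int $users_money, int $userid): array
{
    $total_cost = (int) $quantity * $cost;
    if ($users_money < $total_cost) {
        return ['ok' => false, 'reason' => 'not enough cash', 'sql' => null];
    }
    $sql = sprintf('update users set money = money - %u where userid = %d', $total_cost, $userid);
    return ['ok' => true, 'reason' => null, 'sql' => $sql];
}

// Hardened version: validate the posted quantity as a positive integer in a sane range
// BEFORE any arithmetic, so the balance check and the UPDATE only ever see a real total.
// The format specifier no longer has to paper over a logic flaw, so %d is fine here.
function buy_hardened(string $quantity, int $cost, int $users_money, int $userid): array
{
    $qty = filter_var($quantity, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000], // assumed game limit
    ]);
    if ($qty === false) {
        return ['ok' => false, 'reason' => 'invalid quantity', 'sql' => null];
    }
    $total_cost = $qty * $cost;
    if ($users_money < $total_cost) {
        return ['ok' => false, 'reason' => 'not enough cash', 'sql' => null];
    }
    $sql = sprintf('update users set money = money - %d where userid = %d', $total_cost, $userid);
    return ['ok' => true, 'reason' => null, 'sql' => $sql];
}

// Constructed sample: the item costs 50, the user has 10, and the form posts quantity "-3".
$r = buy_vulnerable('-3', 50, 10, 42);
echo "vulnerable ok=", var_export($r['ok'], true), " sql=", $r['sql'] ?? 'none', "\n";

$r = buy_hardened('-3', 50, 10, 42);
echo "hardened   ok=", var_export($r['ok'], true), " reason=", $r['reason'], "\n";

// Same inputs with a legitimate quantity: the balance check now does its job.
$r = buy_hardened('3', 50, 10, 42);
echo "hardened   ok=", var_export($r['ok'], true), " reason=", $r['reason'], "\n";
```

Run it on a 64-bit PHP and compare the two UPDATE strings: the vulnerable one either subtracts a huge number or, if the money column is unsigned, fails with a range error, while the hardened one never reaches the query with a negative quantity.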