aMail
Rules for secure programming
Taint checking must be enabled in each script (-T switch)
All code added to check security must be tagged ( # SEC: ), and a short explanation of the intended check must follow
Testing must be performed (and documented) for each security feature or correction made.
A 'regular expression' must be used to clean the data (WORK FURTHER ON THIS)
Use the functions in aMail::Sec instead of the corresponding primitives (open, etc.)
Each variable that contains a path MUST contain the word path in its name (this makes it easier to check for file names that can be attacked)
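A short script that follows the rules above, added here as an illustration and not taken from the aMail code base. The spool directory, the mailbox-name pattern and `clean_mailbox_name` are assumptions made for the example; aMail::Sec is not used because its functions are not listed on this page.

```perl
#!/usr/bin/perl -T
# Run as: perl -T example.pl   (taint checking enabled with -T)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical spool root for this example (not an aMail setting).
my $spool_path = '/var/spool/amail-example';

# SEC: clean a mailbox name with an allow-list regular expression.
# Under -T only the captured group ($1) is untainted; the raw value
# stays tainted. Returns the clean name, or nothing if it does not match.
sub clean_mailbox_name {
    my ($raw_name) = @_;
    return unless defined $raw_name;
    # SEC: one path component only: no '/', no leading '.' or '-', and
    # \A...\z (not ^...$) so a trailing newline cannot slip through.
    if ($raw_name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/) {
        return $1;
    }
    return;
}

# Constructed sample inputs. Appending an empty tainted substring marks
# them as tainted, so they behave like data read from a request or file.
my $taint_marker = substr("$0$^X", 0, 0);
my @samples = ('inbox', 'work.2024', '../../etc/passwd', '.hidden', "inbox\n");

for my $sample (@samples) {
    my $raw_name   = $sample . $taint_marker;
    my $clean_name = clean_mailbox_name($raw_name);
    if (defined $clean_name) {
        # The variable holds a path, so 'path' is part of its name.
        my $mailbox_path = "$spool_path/$clean_name";
        printf "accept %-10s -> %s (raw tainted: %s, path tainted: %s)\n",
            $clean_name, $mailbox_path,
            tainted($raw_name)     ? 'yes' : 'no',
            tainted($mailbox_path) ? 'yes' : 'no';
    }
    else {
        # Replace non-printable bytes before echoing rejected input.
        (my $shown_name = $raw_name) =~ s/[^\x20-\x7e]/?/g;
        print "reject $shown_name\n";
    }
}
```

Only `inbox` and `work.2024` are accepted; the traversal string, the dot-file name and the name with a trailing newline are rejected and never reach a `*_path` variable.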