DOCUMENT:Q318918  04-MAR-2002  [mspress]
TITLE   :Writing Secure Code Comments And Corrections
PRODUCT :Microsoft Press
PROD/VER::
OPER/SYS:
KEYWORDS:kbdocfix kbdocerr

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - MSPRESS Writing Secure Code ISBN 0-7356-1588-8
-------------------------------------------------------------------------------

SUMMARY
=======

This article contains comments, corrections, and information about known
errors relating to the Microsoft Press book Writing Secure Code,
ISBN 0-7356-1588-8.

The following topics are covered:

 - Page 179: Error In Note
 - Page 267: NLTM Should Be NTLM
 - Page 283: Incorrect Overall Chances Statement
 - Page 327: Error In Code Sample
 - Page 345: Missing Statement
 - Page 365: Missing F In Code Sample
 - Page 385: Process.exe Should Be Program.exe
 - Page 394: Error In First Paragraph
 - Page 424: 2 Should Be 3

MORE INFORMATION
================

Page 179: Error In Note
-----------------------

There is an error on the second line of the note on page 179.

Change:

   "...regardless of encryption algorithm,"

To:

   "...regardless of symmetric encryption algorithm,"

Page 267: NLTM Should Be NTLM
-----------------------------

On page 267, in the 4th line in the Kerberos Support section, change:

   "...and NLTM authenticates..."

To:

   "...and NTLM authenticates..."

Page 283: Incorrect Overall Chances Statement
---------------------------------------------

On page 283, in line 12, change:

   "...is given by (0.9999)^3000, which is approximately..."

To:

   "...is given by (1-0.9999)^3000, which is approximately..."

Page 327: Error In Code Sample
------------------------------

There is an error in the code sample on page 327. There is a lower case S
which should be capitalized.

Change:

   printf("MultiByteToWideChar() returned "
          "%s (%d) wide characters\n", wszResult, iRes);

To:

   printf("MultiByteToWideChar() returned "
          "%S (%d) wide characters\n", wszResult, iRes);

Page 345: Missing Statement
---------------------------

There is a statement missing from the first paragraph on page 345. Add the
following section just above the Note box:

   "If you must create your own -GS handler, do not throw an exception, and
   that includes calling DebugBreak, which also throws an exception. This is
   because the exception address is on the stack and may be overwritten by
   the vulnerable code."

Page 365: Missing F In Code Sample
----------------------------------

There is an error in the first line of the code sample on page 365.

Change:

   #define MAX_BUF (128)

To:

   #define MAX_BUFF (128)

Page 385: Process.exe Should Be Program.exe
-------------------------------------------

The second paragraph on page 385 contains an error.

Change:

   "The following simple Perl script creates a file named File.txt which is
   read by Process.exe."

To:

   "The following simple Perl script creates a file named File.txt which is
   read by Program.exe."

Page 394: Error In First Paragraph
----------------------------------

There is an error in the first paragraph on page 394.

Change:

   "For example, &{alert('document.cookie');}"

To:

   "For example, &{alert(document.cookie)};"

Page 424: 2 Should Be 3
-----------------------

On page 424, in the statement just above the code sample, change:

   "...that meet requirements 1 and 2:"

To:

   "...that meet requirements 1 and 3:"

Microsoft Press is committed to providing informative and accurate books. All
comments and corrections listed above are ready for inclusion in future
printings of this book. If you have a later printing of this book, it may
already contain most or all of the above corrections.

Additional query words: DEVBOOK 0-7356-1588-8 LEBLANC

======================================================================
Keywords          : kbdocfix kbdocerr
Version           : :
Issue type        : kbinfo
=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2002.