You are the newly hired Network Security Administrator for UMESCo, a financial c

Question

You are the newly hired Network Security Administrator for UMESCo, a financial consulting company. This company has seven branch offices around the country, connecting to the primary office over L2TP/IPSEC VPN tunnels. There are one hundred employees at the main office, and an average of 25 at each remote office. All employees have access to FinanceWare, the antiquated and proprietary financial ERP system used by your company, via the SSH-based client installed locally on their Windows 8.1 desktops, running in a server/client environment. The system is maintained by the IT Department, and all IT personnel are located full-time at the main office where the FinanceWare system is housed. Recently, several of the senior staff have asked to access FinanceWare from their mobile devices or web browsers when on the road, or meeting with clients. The software is old, and does not have any sort of web or mobile interface whatsoever. The back-end product is a Microsoft SQL database, and the front end client application is unable to be modified. The Chief Information Officer (CIO) has stated that his Network and System Engineers will be making changes to the firewall to publish the FinanceWare system to an external public IP address, allowing any mobile or web-enabled devices with Internet access to log in from anywhere. Due to the age of FinanceWare, a custom interface will need to be created by a 3rd party vendor, as there are no on-staff software engineers at UMESCo and the software version owned does not support a user interface for mobile clients. The vendor has stated that they will need administrative access to the Application server in order to set up Microsoft IIS and configure the web server functionality to work with their newly-created web app that interfaces directly with the SQL database on the local server. The vendor has stated that their software will be Javascript based, heavy with SQL statements and use custom views for the security groups set up in SQL as the means of security. Note that the SQL based access will allow the users to have the same rights in the field that they have in the office based on their user login (read only or read/write). The CIO has asked you to prepare a report for him detailing what you consider to be potential security vulnerabilities with his new plan. You must: Identify what you consider to be potential security threats in the scenario above. Develop a plan that, by using the methods, tools and ideals covered in this course, integrates effective security and protection against the potential threats you have identified. I need as many vulnerabilities as possible

Explanation / Answer

The standard and the compiler don't generally think much about whether a record is .cpp or .h or .monkeyface. The ideas driving organizing your source code into usage and header records are truly quite recently acknowledged approaches to help deal with your source. In spite of this, not organizing your source in the acknowledged way is regularly thought to be off base or terrible C++.
All #include does is advise the preprocessor to incorporate the substance of the record you indicate in the present document. It resembles duplicating and gluing the other record into yours. When you say #include "foo.h", it just incorporates the substance of foo.h and couldn't care less about foo.cpp by any means - it doesn't realize that it exists (and there's no reason it needs to exist).
Organizing your source code in execution and header records is to a great degree valuable - it maintains a strategic distance from issues with conditions and various definitions, and furthermore enhances assemblage time fairly. At the point when your code utilizes another class, you just need to #include the header petition for that class. The reason is on account of your code doesn't have to think about the execution of the class, it simply has to comprehend what it would seem that (its name, individuals, base class, and so on.). It doesn't fret about how precisely the part capacities are executed.
The expansions .cpp and .h are only traditions. A few people like to utilize .hpp for header records. A few people even utilize .tpp for layout executions. You can name them anyway you like - yes, you can even incorporate a .txt record. Your compiler most likely tries to gather things about records (for instance, which dialect to assemble it as) from the document augmentation, however that is typically overrideable.
So if your main.cpp incorporates foo.h in light of the fact that it utilizes class foo, when does foo.cpp get included? All things considered, in the aggregation of main.cpp, it doesn't get included by any stretch of the imagination. main.cpp doesn't have to think about the execution of the class, as we talked about above. Nonetheless, when accumulating your whole program, you will pass each of your .cpp records to the compiler to be incorporated independently. That is, you would accomplish something like g++ main.cpp foo.cpp. At the point when foo.cpp is gathered, it will incorporate the headers that it needs to arrange.

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.