Question 1: We learned that when calling subprograms or functions that we can pass data to the subprogram or function by ‘value’ or by ‘reference’. Describe what each approach is, how it works and what the potential security disadvantage is when passing parameters by reference. An easy way to view the difference between pass by value and pass by reference is to use the explanation on (Stack Overflow, 2008). This is a great way to visualize the difference as well as the potential security issues. "Say I want to share a web page with you.
If I tell you the URL, I'm passing by reference. You can use that URL to see the same web page I can see. If that page is changed, we both see the changes. If you delete the URL, all you're doing is destroying
…show more content…
This means that the data you have is stale and can be misleading. In my research one way this can cause issues is with token or certificate authorities. Each certificate is passed by value and is a copy of the original. There is a program that evaluates them each time to ensure they are accurate. This causes some issues in that the data could be replicated or stale. Pass By Reference: References the address or location in memory where the data is associated with the argument. Changes made in the subprogram will be made to the data in the calling program as well. Potential Security Disadvantage:
If a hacker can gain access to the variable, they could potentially write a null and cause an error or denial of service. At the same time they could introduce a value that is not correct thus causing the program to report inaccurate values though the program is actually working. In this scenario, a hacker could attempt to change the value of their bank account balance thus tricking the bank into thinking they have more money then they really