UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Designer will ensure the application does not store configuration and control files in the same directory as user data.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6150 APP3060 SV-6150r1_rule DCPA-1 Medium
Description
Application code and data require two very different security requirements, authentication and authorization (especially in file access). Without proper authentication and authorization there is the potential for existing code to be changed. These changes in code can lead to a Denial of Service (DoS) attack or allow malicious code to be placed within the application. In addition, collocating application data and code complicates many issues such as backup, recovery, directory access privilege, and upgrades.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-3055r1_chk )
Ask the application representative or examine the application documentation to determine the location of the application code and data. Examine the directory where the application code is located.


1) If the application data is located in the same directory as the code, this is a finding.
Fix Text (F-16988r1_fix)
Separate the application data into a different directory than the application code.