For those who are new to sockets programming or who've long ago forgotten the idiosyncrasies of byte ordering with sockets (as I had when I needed to know this last year), here's a primer on what byte ordering is, why it's needed, and terms such as little-endian, big-endian, network byte order, and host byte order.
The main benefit of the sockets programming interface is that it enables you to communicate with other systems over a network, regardless of their processor or operating system. The sockets programming interface is similar across modern operating systems; as a result, you might end up communicating with machines that interpret and store data in completely incompatible ways. For example, Intel and VAX machines store numeric values in least-significant-byte-first order. This ordering of bytes is known as little-endian because the data is represented "little-end-first." On the other hand, workstations, such as most Unix workstations, store numeric values with the most significant byte first, which is known as big-endian for "big-end-first."
As an example, Table 1 shows how the decimal value 256 would appear in the hex display of a debugger in little-endian and big-endian formats.
Table 1—Formatting of the decimal value 256 in little-endian and big-endian.
For example, if you send the number 256 in big-endian format to another system that interprets numbers in little-endian format, the receiving system would misinterpret the number as decimal one instead of decimal 256.
Because of these differences, the Internet Protocol Suite defines two terms: network byte order and host byte order. Network byte order is a format where the most significant byte is first. Host byte order refers to the local machine's byte order. Note that the host byte order could be either little-endian or big-endian, depending on the local machine's processor (Intel, HP, Motorola, etc.). Also, the host order may or may not be the same as the network order. However, if there's a chance that your code could run on a different type of machine than the one you're developing on, you should always convert from host to network byte order when sending data and from network to host byte order when receiving data, so that the data is interpreted correctly.
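The conversion rule above, shown as an added example in C (not code from the original article): it sends the value 256 in network byte order, shows the 256-versus-1 misreading when the conversion is skipped, and goes one step further by bounds-checking a length field decoded this way. The helper names and the two-byte length-prefixed frame layout are assumptions made for illustration.

```c
/* Added example: helper names and the frame layout are hypothetical. */
#include <arpa/inet.h>   /* htons(), ntohs() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sender: write a 16-bit host value into buf in network (big-endian) order. */
void put_u16_net(uint8_t *buf, uint16_t host_value) {
    uint16_t net = htons(host_value);
    memcpy(buf, &net, sizeof net);
}

/* Receiver: read two wire bytes and convert network -> host order. */
uint16_t get_u16_net(const uint8_t *buf) {
    uint16_t net;
    memcpy(&net, buf, sizeof net);
    return ntohs(net);
}

/* What a little-endian host reads if it skips ntohs(); computed from the
 * bytes so the result is the same on any machine running this demo. */
uint16_t get_u16_unconverted_le(const uint8_t *buf) {
    return (uint16_t)(buf[0] | (buf[1] << 8));
}

/* Constructed frame layout: 2-byte length (network order) + payload.
 * Returns the payload length, or -1 if the header is short or the
 * declared length exceeds the bytes actually received. */
int frame_payload_len(const uint8_t *frame, size_t received) {
    if (received < 2)
        return -1;
    uint16_t len = get_u16_net(frame);
    if ((size_t)len > received - 2)
        return -1;
    return (int)len;
}

int main(void) {
    uint8_t wire[2];
    put_u16_net(wire, 256);
    printf("wire bytes: %02x %02x\n", wire[0], wire[1]);
    printf("with ntohs: %u\n", (unsigned)get_u16_net(wire));
    printf("without (little-endian host): %u\n",
           (unsigned)get_u16_unconverted_le(wire));

    uint8_t frame[] = {0x00, 0x03, 'a', 'b', 'c'};  /* constructed sample */
    printf("payload length: %d\n", frame_payload_len(frame, sizeof frame));
    return 0;
}
```

A length or offset field that is read without the network-to-host conversion can come out far larger or smaller than the sender intended, which is why the decoded value is checked against the number of bytes actually received before it is used.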