Time-of-Check Time-of-Use (TOCTTOU) Attack
A TOCTTOU attack exploits the fact that the state of a file or other resource can change between the moment a program checks it and the moment the program actually reads or writes it. In this attack, the attacker accesses the resource and makes unwanted changes to it even after the check has already succeeded. It is a tricky problem: some programs are written to check the user's permissions, or to keep access within a time limit, yet gaps still remain, and an attacker who finds one can take advantage of it. Examples include the time gap around a file read/write, low disk space (where the amount of space remaining decides whether the resource can be written), and a network connection that is already occupied. These attacks are very dangerous because even a single unwanted change means the data is no longer correct, and critical work that depends on that data can go wrong. That is why it is important to understand this attack.
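The file read/write time gap described above, as an added example that is not part of the original page: a check-then-use reader beside a reader that opens once and checks the descriptor it will use. The function names, the `window` hook that stands in for the gap, and the temp-directory files are constructed for illustration; a POSIX system is assumed.

```python
import os
import stat
import tempfile

def racy_read(path, window=lambda: None):
    """Check by name, then use by name: `path` is resolved twice."""
    st = os.lstat(path)                        # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    window()                                   # resource state can change here
    with open(path, "rb") as f:                # time of use: name resolved again
        return f.read()

def safe_read(path, window=lambda: None):
    """Open once, then check and read the same descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # a symlink is refused at open
    with os.fdopen(fd, "rb") as f:
        window()                               # changing the name no longer matters
        st = os.fstat(f.fileno())              # check the object that was opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return f.read()

def demo():
    """Constructed scenario: the checked name is re-pointed inside the gap."""
    results = {}
    for name, reader in (("racy", racy_read), ("safe", safe_read)):
        with tempfile.TemporaryDirectory() as d:
            public = os.path.join(d, "public.txt")
            private = os.path.join(d, "private.txt")
            with open(public, "wb") as f:
                f.write(b"public")
            with open(private, "wb") as f:
                f.write(b"private")

            def swap():
                os.remove(public)
                os.symlink(private, public)

            results[name] = reader(public, swap)
    return results

if __name__ == "__main__":
    print(demo())
```

The racy reader returns the contents of the file it never checked, while the descriptor-based reader returns the contents of the file it validated.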