Time Of Check - Time Of Use
Time Of Check – Time Of Use (TOCTOU) is an extensive class of synchronization problems. Between the resource check and its use, there is always a time interval during which there may be a loss of access to a resource, a resource change, or a change in the state of a resource.
- Time of check (TOC) is the moment of a resource checking. Data coming into the application from the outside is considered "unsafe", because the external environment (the user of web site) can manipulate the input data. The application checks data and if they are correct, they are marked as "trusted". An example is the check of access to the file for the user.
- Time of use (TOU) is the moment when the application performs operations on the resource. For example, reading the contents of a file and outputting it to a user.
TOCTOU occurs when the application considers that the state of the resource has not changed since the time of its last check (TOC), and performs actions on the resource (TOU) considering it trusted. It may be incorrect.