Securing input of private / protected methods?

Posted by ts on Stack Overflow See other posts from Stack Overflow or by ts
Published on 2010-05-17T15:03:17Z Indexed on 2010/05/17 20:00 UTC
Read the original article Hit count: 212

Hello,

normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.)

My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...).

But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

© Stack Overflow or respective owner

Related posts about security

Related posts about best-practices