Securing input of private / protected methods?
Posted by ts on Stack Overflow
Published on 2010-05-17T15:03:17Z
Hello,
Normally, all sane developers try to secure the input of all public methods (casting to proper types, validating, sanitizing, etc.).
My question is: do you also validate, in your code, the parameters passed to protected / private methods? In my opinion it is not necessary if you properly secure the parameters of public methods and the return values from outside (other classes, DB, user input, etc.).
But I am constantly facing frameworks and apps (e.g. PrestaShop, to name one) where validation is often repeated in the method call, in the method body, and once again to secure the returned value, which, I think, creates performance overhead and is also a sign of bad design.
© Stack Overflow or respective owner
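The approach described in the question (validate at the public boundary and on values coming back from outside, then trust the parameters of private methods) can be made checkable by carrying the validation result in a type. The sketch below is an added example, not part of the original post and not code from PrestaShop or any framework; `OrderId`, `Percent`, `OrderService` and the `rows` dictionary are hypothetical names, and underscore-prefixed methods stand in for private ones.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

def _bounded(raw: object, what: str, lo: int, hi=None) -> Decimal:
    """Parse raw into a finite Decimal within [lo, hi] or raise ValueError."""
    try:
        value = Decimal(str(raw).strip())
    except InvalidOperation:
        raise ValueError(f"invalid {what}: {raw!r}") from None
    if not value.is_finite() or value < lo or (hi is not None and value > hi):
        raise ValueError(f"{what} out of range: {raw!r}")
    return value

@dataclass(frozen=True)
class OrderId:
    value: int
    @classmethod
    def parse(cls, raw: object) -> "OrderId":
        text = str(raw).strip()
        if not (text.isascii() and text.isdigit() and int(text) > 0):
            raise ValueError(f"invalid order id: {raw!r}")
        return cls(int(text))

@dataclass(frozen=True)
class Percent:
    value: Decimal
    @classmethod
    def parse(cls, raw: object) -> "Percent":
        return cls(_bounded(raw, "percent", 0, 100))

class OrderService:
    def __init__(self, rows: dict):
        self._rows = rows  # constructed stand-in for a database table

    def discounted_total(self, raw_id: object, raw_pct: object) -> Decimal:
        # Public boundary: caller input is parsed exactly once, here.
        total = self._load_total(OrderId.parse(raw_id))
        return self._apply(total, Percent.parse(raw_pct))

    def _load_total(self, order_id: OrderId) -> Decimal:
        # order_id needs no re-check, but the stored row is outside data.
        return _bounded(self._rows[order_id.value].get("total"), "stored total", 0)

    def _apply(self, total: Decimal, pct: Percent) -> Decimal:
        # No validation: both arguments were checked where they entered.
        return (total * (100 - pct.value) / 100).quantize(Decimal("0.01"))
```

The guarantee holds only when `OrderId` and `Percent` are built through `parse`; constructing them directly bypasses the check.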