https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Yehohanan7OWASP - User contributions [en]2026-05-05T15:40:19ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=User:Yehohanan7&diff=29699User:Yehohanan72008-05-22T14:07:45Z<p>Yehohanan7: /* Accidental leaking of sensitive information through data queries */</p>
<hr />
<div>== Access control enforced by presentation layer ==<br />
<br />
<br />
[[Definition:]] <br />
<br />
Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that are not authorized for the user<br />
<br />
Example in our application:<br />
<br />
The payment button will be not shown in the payment page if the holiday is already booked.<br />
<br />
[[Attacks]]<br />
<br />
Forced Browsing<br />
<br />
<br />
[[Defense]]<br />
<br />
Access control must be performed in the business layer, not only the presentation layer.<br />
<br />
<br />
<br />
----<br />
<br />
<br />
== Accidental leaking of sensitive information through data queries ==<br />
<br />
[[SQL Injection]]</div>Yehohanan7https://wiki.owasp.org/index.php?title=User:Yehohanan7&diff=29689User:Yehohanan72008-05-22T09:32:03Z<p>Yehohanan7: </p>
<hr />
<div><br />
== Access control enforced by presentation layer ==<br />
<br />
<br />
[[Definition:]] <br />
<br />
Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that are not authorized for the user<br />
<br />
Example in our application:<br />
<br />
The payment button will be not shown in the payment page if the holiday is already booked.<br />
<br />
[[Attacks]]<br />
<br />
Forced Browsing<br />
<br />
<br />
[[Defense]]<br />
<br />
Access control must be performed in the business layer, not only the presentation layer.<br />
<br />
<br />
<br />
----<br />
<br />
<br />
== Accidental leaking of sensitive information through data queries ==</div>Yehohanan7https://wiki.owasp.org/index.php?title=User:Yehohanan7&diff=29688User:Yehohanan72008-05-22T09:30:28Z<p>Yehohanan7: New page: Access control enforced by presentation layer Definition: Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions ...</p>
<hr />
<div> Access control enforced by presentation layer<br />
<br />
Definition: <br />
<br />
Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that are not authorized for the user<br />
<br />
Example in our application:<br />
<br />
The payment button will be not shown in the payment page if the holiday is already booked.<br />
<br />
Attacks<br />
<br />
Forced Browsing<br />
<br />
<br />
Defense<br />
<br />
Access control must be performed in the business layer, not only the presentation layer.<br />
<br />
<br />
<br />
Accidental leaking of sensitive information through data queries</div>Yehohanan7