This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Use encapsulation"
From OWASP
Weilin Zhong (talk | contribs) |
|||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{Template:Principle}} | {{Template:Principle}} | ||
| + | |||
| + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | |||
| + | <br> | ||
| + | [[Category:OWASP ASDR Project]] | ||
| + | |||
==Description== | ==Description== | ||
| Line 6: | Line 12: | ||
==Examples == | ==Examples == | ||
| − | * Design | + | * Design |
| − | * Implementation | + | ** Separate internal administrator's functions from external users' functions |
| + | ** Differentiate between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not. | ||
| + | ** In a web browser ensure that your mobile code cannot be abused by other mobile code. | ||
| + | * Implementation | ||
| + | ** Hide internal details of a class, including data and methods, using private access modifier. | ||
| + | |||
| + | ==Related [[Vulnerabilities]]== | ||
| + | |||
| + | * [[Vulnerability 1]] | ||
| + | * [[Vulnerabiltiy 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Controls]]== | ||
| − | + | * [[Controls 1]] | |
| + | * [[Controls 2]] | ||
| − | |||
| − | == | + | ==References== |
| − | + | * http://www.link1.com | |
| + | * [http://www.link2.com Title for the link2] | ||
| − | |||
| − | + | __NOTOC__ | |
| − | + | [[Category:Principle]] | |
Latest revision as of 12:44, 7 April 2009
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Last revision (mm/dd/yy): 04/7/2009
Description
Draw strong boundaries among application elements, including modules, functions and data, to limit the impact of potential attacks.
Examples
- Design
- Separate internal administrator's functions from external users' functions
- Differentiate between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.
- In a web browser ensure that your mobile code cannot be abused by other mobile code.
- Implementation
- Hide internal details of a class, including data and methods, using private access modifier.
Related Vulnerabilities
Related Controls
