This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Fail securely"
From OWASP
m (Fail safely moved to Fail securely) |
|||
| Line 3: | Line 3: | ||
{{Template:Stub}} | {{Template:Stub}} | ||
| − | == | + | ==Overview== |
| + | |||
| + | Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not. | ||
| + | |||
| + | For example: | ||
| + | |||
| + | isAdmin = true; | ||
| + | try { | ||
| + | codeWhichMayFail(); | ||
| + | isAdmin = isUserInRole( “Administrator” ); | ||
| + | } | ||
| + | catch (Exception ex) | ||
| + | { | ||
| + | log.write(ex.toString()); | ||
| + | } | ||
| + | |||
| + | If codeWhichMayFail() fails, the user is an admin by default. This is obviously a security risk. | ||
[[Category:Principle]] | [[Category:Principle]] | ||
Revision as of 14:51, 14 June 2006
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Overview
Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not.
For example:
isAdmin = true;
try {
codeWhichMayFail();
isAdmin = isUserInRole( “Administrator” );
}
catch (Exception ex)
{
log.write(ex.toString());
}
If codeWhichMayFail() fails, the user is an admin by default. This is obviously a security risk.
