This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Use encapsulation

From OWASP
Revision as of 13:15, 7 September 2008 by KirstenS (talk | contribs)

Jump to: navigation, search

This is a principle or a set of principles. To view all principles, please see the Principle Category page.

Last revision (mm/dd/yy): 09/7/2008


ASDR Table of Contents


Description

Draw strong boundaries among application elements, including modules, functions and data, to limit the impact of potential attacks.

Examples

  • Design
    • Separate internal administrator's functions from external users' functions
    • Differentiate between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.
    • In a web browser ensure that your mobile code cannot be abused by other mobile code.
  • Implementation
    • Hide internal details of a class, including data and methods, using private access modifier.

Related Vulnerabilities


Related Controls


References

Retrieved from "https://wiki.owasp.org/index.php?title=Use_encapsulation&oldid=38748"