Timeline for Is it ok to have validation layer before access control layer
Current License: CC BY-SA 4.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 9, 2018 at 6:03 | audit | First posts | |||
| May 9, 2018 at 6:04 | |||||
| May 5, 2018 at 18:02 | comment | added | TomTom | That assumes answers are public. I dare saying a lot of API's will not even show you the data withou authentication. | |
| May 4, 2018 at 15:30 | comment | added | S.D. | This is the realistic answer. If its simple, straight input data structure validation, then there must be no qualms putting it first. It even protects Access control layer from specially designed inputs/packets. The validation that actually entails secure information leak or guessing, must be placed after access checks. | |
| May 4, 2018 at 12:29 | history | answered | Sebastian Redl | CC BY-SA 4.0 |