In this case, there was file a, which is the backend file responsible for intake and sanitation. Depending on what’s next, it might go on to file b or file c. He modified file a.
His rationale was that every single backend file should do sanitation, because at some future point someone might make a different project and take file b and pair it with some other intake code that didn’t sanitize.
I know all about client side being useless for meaningful security enforcement.
I have to say that is pretty dumb. I will agree the scenario isn’t completely implausible, but if someone who doesn’t know what they are doing is allowed to do something like that, they’re going to screw up other stuff too.
In this case, there was file a, which is the backend file responsible for intake and sanitation. Depending on what’s next, it might go on to file b or file c. He modified file a.
His rationale was that every single backend file should do sanitation, because at some future point someone might make a different project and take file b and pair it with some other intake code that didn’t sanitize.
I know all about client side being useless for meaningful security enforcement.
I have to say that is pretty dumb. I will agree the scenario isn’t completely implausible, but if someone who doesn’t know what they are doing is allowed to do something like that, they’re going to screw up other stuff too.