Difference between revisions of "Fix security issues correctly"
(Reverting to last version not containing links to www.textolocc4t.com)
|(One intermediate revision by one other user not shown)|
Latest revision as of 13:28, 27 May 2009
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Once a security issue has been identified, it is important to develop a test for it, and to understand the root cause of the issue. When design patterns are used, it is likely that the security issue is widespread amongst all code bases, so developing the right fix without introducing regressions is essential.
- A user has found that they can see another user’s balance by adjusting their cookie. The fix seems to be relatively straightforward, but as the cookie handling code is shared amongst all applications, a change to just one application will trickle through to all other applications. The fix must therefore be tested on all affected applications.