Imagine I have 2 objects. A 'user' object, responsible for handling user functionality, and a 'security' object, responsible for handling authorization and authentication.
I would like to hear pros and cons to my current belief of the following.
I have a method in the security object called 'canAccess'. You can pass it 2 optional arguments, a userID and a pageID. If no userID is passed, it infers the current user object's ID (which is tied to the session scope), and if no pageID is provided, it infers the current request object's page ID (which is tied to the request scope)
At first, I thought this might be a security risk, because code could pass a userID that did not belong to them, even though all this method does is determine if the user provided has Access rights to the page provided.
I've been thinking about this for quite some time, and my current belief is that this is OK as LONG as the method is not set for remote access (and it is not). My application supports installable 'modules' which others can code, plugs into my framework, and the pages in those modules could invoke this method and pass whatever user/page ID combo they want to it, but ultimately, it's up to the responsibility of the person who has the core application/framework to approve/inspect any modules they install.
Does this sound as if I am properly assessing the scalability of my object methods? Any concerns you can bring to light I haven't hit on?
2
Replies
AdChoices