All Questions
Tagged with postgresql, web-application
2 questions
3 votes, 2 answers, 188 views
Any obvious pitfalls of modeling access control policies using subject, scope, object?
Context: A small web application with REST API and postgres as db, that has users, documents and teams. A user can do basic CRUD operations on document. A user is always a part of a team. A team is ...
2 votes, 0 answers, 146 views
When using parameterized SQL queries, is there still any *security* issue with simply blindly accepting user input variables?
Suppose I have this: parameterized_database_call('SELECT * FROM widgets WHERE id = $1', $_GET['widget_id']); The SQL query is parameterized, as I've done for many years now. (I'm trying to repress ...