But there’s a better way: Make it impossible. We simply don’t have an endpoint to allow somebody to request another user’s information. The most secure code is the code that never got written.
What’s the Best Authorization Framework? None At All.
John Mileham

To write that it’s “impossible” to obtain another user’s information seems unlikely. But perhaps you’d like to elaborate.

At least in the case of nderground, user credentials are presented along with a data retrieval request. If the user doesn’t have permission to see the data, the request will return nothing.

Unfortunately it is not “impossible” that a user could see data that they should not have access to. I’ve gone to a lot of trouble to avoid this and the entire architecture of nderground is designed to control access to data.

Unfortunately, it is not “impossible” that someone could see data they should not. There could always be a software bug in existence or a bug that is introduced in the future. Test suites can help avoid this, but to write that unauthorized data access is “impossible” seems akin to writing “no one can hack our system”. Naive, at best.

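The two positions above differ in where the access control lives: the quoted article wants an endpoint that has no way to name another user, while the reply describes an architecture in which credentials travel with every data request and an unauthorized request returns nothing. The following is an added example in Python, written for this page and not taken from the article or from nderground, that puts the endpoint shapes side by side as plain functions. The profile records, the `Session` type and every function and class name are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample data: two users, each owning one private record.
PROFILES: List[Dict[str, str]] = [
    {"owner": "u1", "email": "alice@example.test", "notes": "alice's private notes"},
    {"owner": "u2", "email": "bob@example.test", "notes": "bob's private notes"},
]


@dataclass(frozen=True)
class Session:
    """The caller's authenticated identity (hypothetical stand-in for a
    verified session cookie or bearer token)."""
    user_id: str


# Shape 1: the endpoint takes a target user id and never checks it.
# Any logged-in caller can read any profile (an insecure direct object
# reference). This is the endpoint the article says should not exist.
def profile_by_id_unchecked(session: Session, user_id: str) -> Optional[Dict[str, str]]:
    for p in PROFILES:
        if p["owner"] == user_id:
            return p
    return None


# Shape 2: same request shape with an authorization check bolted on.
# Correct only for as long as every handler remembers to include it.
def profile_by_id_checked(session: Session, user_id: str) -> Optional[Dict[str, str]]:
    if user_id != session.user_id:
        return None
    return profile_by_id_unchecked(session, user_id)


# Shape 3 (the article's "make it impossible"): the handler takes no target
# id at all. The only key it can look up is the session's own id, so no
# request exists that names another user.
def my_profile(session: Session) -> Optional[Dict[str, str]]:
    for p in PROFILES:
        if p["owner"] == session.user_id:
            return p
    return None


# Shape 4 (the reply's architecture): credentials accompany every query and
# the data layer filters on them, so a request for data the caller may not
# see returns nothing rather than relying on a per-handler check.
class OwnerScopedRepo:
    def __init__(self, rows: List[Dict[str, str]]):
        self._rows = rows

    def find(self, session: Session, **criteria: str) -> List[Dict[str, str]]:
        # The owner scope is an extra conjunct, not an override: asking for
        # another owner's rows yields an empty result instead of silently
        # substituting the caller's own rows.
        return [r for r in self._rows
                if r["owner"] == session.user_id
                and all(r.get(k) == v for k, v in criteria.items())]


def profile_via_repo(session: Session, user_id: str) -> Optional[Dict[str, str]]:
    # A target id is still accepted (say, from a URL), but the repository
    # always intersects it with the session's identity.
    rows = OwnerScopedRepo(PROFILES).find(session, owner=user_id)
    return rows[0] if rows else None
```

Shape 3 removes the parameter an attacker would tamper with; shape 4 keeps the parameter but makes the data layer the single place where the scope is enforced, which is the kind of design the reply describes while still being subject to ordinary bugs, as the reply also notes.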