## How to Prevent Broken Access Control

- Do not rely on obfuscation alone
- Deny access by default
- Use a single application-wide mechanism for enforcing access controls
- Make it mandatory for developers to declare the access allowed for each resource
- Audit and test access controls to ensure they are working
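
The checklist above as one small sketch, added here as an illustration and not taken from the original file: a single dispatch point that denies by default, requires each route to declare its allowed roles, and exposes an audit helper for tests. The `Router` class, route paths and role names are hypothetical, and it assumes handlers are only ever reached through `dispatch()`.

```python
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional

class AccessDenied(Exception):
    """Raised whenever the central check does not explicitly allow a call."""

class Router:
    """Constructed mini-router: every handler is reached only via dispatch()."""

    def __init__(self) -> None:
        self._handlers: Dict[str, Callable[[dict], str]] = {}
        self._allowed: Dict[str, FrozenSet[str]] = {}

    def route(self, path: str, allow: Optional[Iterable[str]] = None):
        """Register a handler; `allow` is the declared set of permitted roles."""
        def register(fn):
            self._handlers[path] = fn
            if allow is not None:
                # A missing declaration stays missing; it is never read as "open".
                self._allowed[path] = frozenset(allow)
            return fn
        return register

    def dispatch(self, path: str, user: dict) -> str:
        """Single enforcement point: authorize first, then call the handler."""
        handler = self._handlers.get(path)
        roles = self._allowed.get(path)
        # Deny by default: unknown path, undeclared policy, or no matching role.
        if handler is None or roles is None or not roles & set(user.get("roles", ())):
            raise AccessDenied(path)
        return handler(user)

    def undeclared(self) -> List[str]:
        """Audit helper: routes with no declared policy (fail the build if any)."""
        return sorted(p for p in self._handlers if p not in self._allowed)

app = Router()

@app.route("/reports", allow={"analyst", "admin"})
def reports(user):
    return "reports for " + user["name"]

@app.route("/admin/users", allow={"admin"})
def admin_users(user):
    return "user list"

@app.route("/internal/x9f3-debug")  # obscure path, but no declaration: still denied
def debug(user):
    return "debug data"
```

Running `app.undeclared()` in a CI test turns a forgotten declaration into a build failure instead of a silently unreachable or silently open route.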