Menu
The principle of "defense in depth" states that constraints should be enforced in multiple places, so that if a piece of data bypasses or slips through one layer, it is caught in the next. A good example is in a web app - you put validation in the client side javascript, in the server-side code (PHP/Ruby/ASP/whatever), and you put those rules in the database (e.g. foreign key constraints). That way, any data that gets past the Javascript validation gets caught by the server side. Any data that gets past the server validation is caught by database constraints.
However, this seems to violate the DRY (Don't Repeat Yourself) principle. Here you've got three places where the same validation rules are being repeated. I understand that there are ways to generate client side javascript such that it enforces server-side validation. My question is, how does one consolidate database constraints and server-side code? Is there any way to generate code such that it automatically enforces database constraints?
632
We've done this by making a single module the owner of the "security rules", then creating an AJAX interface for it as well, so that the server-side code calls it directly, then front-end UI components call the AJAX interface, but they're all talking to the same module. In this manner, the access rules are only ever in one place (the security module) and you still enforce the rules everywhere. This has an extra advantage of keeping the rules outside of the client-downloadable code.
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
