
452930

From my POV, the intro example about the User class may look confusing both to application security professionals and to developers who are novices to security:

1) Both solutions fall short in terms of security.
2) The design-centric solution provides little (if any) benefit for security.

Neither solution demonstrates the correct approach to fixing XSS. So it will raise questions from security experts and give wrong guidance to novices (like: data validation is a proper way to fix injection flaws).

Moreover, it leaves evident questions unanswered: what if Username is allowed to contain symbols that may become dangerous in an output context? Or imagine someone needs to add an Email field to the User class (which is obviously allowed to contain <> signs). Or if the User object needs to be put into a lexical context where other injection flaws are possible (SQL, URL, LDAP, etc.).

I do believe that the secure by design approach is the right way to go, but for me this example fails to demonstrate this.
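The contrast the post draws, as an added example that is not code from the book being discussed or from the poster: a Username domain primitive whose validation rule deliberately admits an apostrophe, an Email that legitimately contains `<>`, and the same User object rendered with and without context-specific output encoding. The validation rules, the encoder functions (`encodeForHtmlBody`, `encodeForHtmlAttr`, `encodeForUrlParam`, `encodeForJsString`), the sample user and the rendered fragment are all constructed for illustration.

```javascript
// Added example, not from the book or the forum poster. Shows that a validated
// domain primitive still needs per-context output encoding to prevent XSS.

function makeUsername(raw) {
  // Constructed validation rule: 3-32 chars; letters, digits, . _ - and the apostrophe
  // (think "o'brien"). The apostrophe is harmless here but dangerous in an HTML
  // attribute, a JS string or SQL, so validation alone cannot make this value "safe".
  if (typeof raw !== "string" || !/^[A-Za-z0-9._'-]{3,32}$/.test(raw)) {
    throw new Error("invalid username");
  }
  return Object.freeze({ value: raw });
}

function makeEmail(raw) {
  // Constructed, intentionally loose rule: an address may carry a display name in
  // angle brackets ("Ann <ann@example.com>"), so "<" and ">" must be allowed.
  if (typeof raw !== "string" || raw.length > 254 || !raw.includes("@")) {
    throw new Error("invalid email");
  }
  return Object.freeze({ value: raw });
}

// --- One encoder per output context -------------------------------------------

const HTML_BODY_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// HTML element content: the five characters that can start or end markup.
function encodeForHtmlBody(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_BODY_MAP[c]);
}

// HTML attribute value: encode every ASCII non-alphanumeric as &#xHH; so the value is
// safe whether the attribute is double-quoted, single-quoted or (badly) unquoted.
function encodeForHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9\u0080-\uFFFF]/g,
    (c) => `&#x${c.charCodeAt(0).toString(16).toUpperCase()};`);
}

// URL query parameter: percent-encoding; "<", ">", "@" and space all become %XX.
function encodeForUrlParam(s) {
  return encodeURIComponent(String(s));
}

// Quoted JavaScript string literal: \xHH / \uHHHH for every non-alphanumeric.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? `\\x${code.toString(16).padStart(2, "0")}`
      : `\\u${code.toString(16).padStart(4, "0")}`;
  });
}

// --- The same User object in four output contexts ------------------------------

function renderProfile(user) {
  // Each slot uses the encoder for the context it lands in.
  return [
    `<p>Hello, ${encodeForHtmlBody(user.username.value)}</p>`,
    `<a href="/profile?email=${encodeForUrlParam(user.email.value)}">${encodeForHtmlBody(user.email.value)}</a>`,
    `<input name="nick" value='${encodeForHtmlAttr(user.username.value)}'>`,
    `<script>var who = "${encodeForJsString(user.username.value)}";</script>`,
  ].join("\n");
}

function renderUnencoded(user) {
  // The "it was validated, so it is safe" anti-pattern: raw values in every context.
  return [
    `<p>Hello, ${user.username.value}</p>`,
    `<a href="/profile?email=${user.email.value}">${user.email.value}</a>`,
    `<input name="nick" value='${user.username.value}'>`,
    `<script>var who = "${user.username.value}";</script>`,
  ].join("\n");
}

// Constructed sample: both values pass their domain-primitive validation.
const sampleUser = {
  username: makeUsername("o'brien"),
  email: makeEmail("Ann <ann@example.com>"),
};

console.log("--- encoded per context ---\n" + renderProfile(sampleUser));
console.log("--- raw (validated only) ---\n" + renderUnencoded(sampleUser));
```

In the unencoded output the email turns into a tag-like `<ann@example.com>` inside element content and the apostrophe terminates the single-quoted attribute and the JS string; in the encoded output every slot survives intact. The encoders are deliberately separate functions so that the render code has to name the context it is writing into.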