PTracker: Dangerous to expose Project.Resources ?

antoan posted on Wednesday, September 27, 2006

In chapter 1 of the book it is discussed that we ought not to trust the UI/Controller Layer and that all should be validated in the Busness layer:

"You should assume that any code running on
those clients will run incorrectly or not at all; in other words, the client input must be completely
validated as it enters the domain of trust..." p7.

I was wondering if Project.Resources should be made publicly accsessible. My thinking is that it might be possible to subvert the application by calling Project.Resource.Add(ProjectResource badObject); with bad data?
Project.Resources.Add(invalidProjectResource) with a bad ProjectResource?

RockfordLhotka replied on Wednesday, September 27, 2006

That's an interesting point. Resources must be public or you couldn't create the UIs in PTWin or PTWeb. However, it may make sense to have a check during the add process to ensure that the child object being added is a valid child for the given project.

I imagine you could override InsertItem() and check to ensure that the child's project id value matches that of the collection's parent.

This is an edge case though, because it isn't possible for the UI to directly create a ProjectResource. The factory/constructor methods are non-public. So to make this mistake you'd need to maintain a reference to a pre-existing ProjectResource from some other project and then try to add it to a different project, or something along that line.