
Fail Safe

The principle of fail safe means that if a system fails, it should fail to a state where the security of the system and its data are not compromised.

In one web application whose code I inspected, the "app-type" request parameter is actually an HTTP header added by the infrastructure to tell the application where the user's source IP is from: domestic or international. Domestic users are allowed to view less restricted content than international users.

However, the application sets the default value of "app-type" to "DOM" (domestic). If the header is missing or carries an unexpected value, the user is silently granted the more permissive domestic treatment. This goes against the security principle of "fail safe": when the system fails, it should fall to the state that does not compromise security, which here is the more restrictive international treatment.

    private final String DEFAULT_ORIGIN = "DOM";   // permissive default: the code fails open

    if (origin == null || origin.equals("")) {
        // header missing: the user is treated as domestic
        origin = DEFAULT_ORIGIN;
    } else {
        // validation on origin
        if (!origin.equals("DOM") && !origin.equals("INT")) {
            // unexpected value: also treated as domestic
            origin = DEFAULT_ORIGIN;
        }
    }
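The same check written to fail closed, as an added example that is not code from the inspected application: the header is mapped to an enum, and every failure mode (missing, blank, unknown value) resolves to the least-privileged origin, INT. The class name `OriginResolver` and the `resolve` method are assumptions introduced here.

```java
import java.util.logging.Logger;

public final class OriginResolver {
    private static final Logger LOG = Logger.getLogger(OriginResolver.class.getName());

    /** Origin assigned by the infrastructure via the "app-type" header. */
    public enum Origin { DOM, INT }

    /** Fail-closed default: the most restrictive origin. */
    static final Origin DEFAULT_ORIGIN = Origin.INT;

    /**
     * Resolve the raw "app-type" header value to an Origin.
     * Only an exact "DOM" grants the domestic (less restricted) treatment;
     * a missing, blank or unrecognised value falls back to INT, so a failure
     * of the upstream component can only remove privilege, never add it.
     */
    public static Origin resolve(String headerValue) {
        if (headerValue == null || headerValue.trim().isEmpty()) {
            // Header absent: log for detection, but do not log raw input.
            LOG.warning("app-type header missing; failing closed to INT");
            return DEFAULT_ORIGIN;
        }
        switch (headerValue) {
            case "DOM":
                return Origin.DOM;
            case "INT":
                return Origin.INT;
            default:
                // Unexpected value (tampering, misconfiguration, wrong case).
                LOG.warning("app-type header has unexpected value; failing closed to INT");
                return DEFAULT_ORIGIN;
        }
    }

    public static void main(String[] args) {
        // Constructed header values covering each failure mode.
        String[] samples = { "DOM", "INT", null, "", "   ", "dom", "DOMESTIC" };
        for (String s : samples) {
            System.out.println("header=" + (s == null ? "<null>" : "\"" + s + "\"")
                    + " -> " + resolve(s));
        }
        // Only the first sample should resolve to DOM.
    }
}
```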