Ninja Snacks Tales From the Enterprise

Trusting Inputs, Via RESTa Via Nanciacum


All too often, security is treated as an afterthought in our models. I'm as guilty of this as anyone. :) Now that HTTP is becoming the most popular protocol inside the enterprise, sending bad data across the wire becomes much easier: anyone with a browser's developer tools or a command-line HTTP client can send whatever request they like, whatever your form was designed to send. A hidden input field is not all that hidden.

Let's take everyone's second favorite fake business problem: Enrolling Students in Classes. Let's take it further and say we want to develop this as a SaaS product. It'll need to be a multi-tenant application. There are lots of independent community colleges (Institutions) out there and we don't want to run a VM or process per Institution. That means every Institution's data lives in the same process and the same store, and the only thing keeping one college out of another's records is the code that decides which Institution a request belongs to.
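What that decision looks like in code, as an added example (not code from the original post or from any framework it alludes to), with constructed Institution, student and class identifiers and an assumed `Principal` standing in for whatever the authentication layer establishes about the caller. The vulnerable builder takes the Institution from the form's hidden `institution_id` field; the hardened builder takes it from the authenticated principal, refuses a form value that disagrees, and the handler then checks that every entity the command references belongs to that Institution.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """What authentication established for this request (assumed session model)."""
    user_id: str
    institution_id: str


@dataclass(frozen=True)
class EnrollStudent:
    institution_id: str
    student_id: str
    class_id: str


class TenantViolation(Exception):
    """A request reached across Institution boundaries."""


# Constructed sample data: which Institution owns each student and class.
STUDENTS = {"s-1": "inst-A", "s-2": "inst-B"}
CLASSES = {"c-101": "inst-A", "c-202": "inst-B"}


def build_trusting_form(form: dict, principal: Principal) -> EnrollStudent:
    """Vulnerable: the hidden institution_id field decides the tenant, so any
    client can name another Institution. `principal` is ignored entirely."""
    return EnrollStudent(form["institution_id"], form["student_id"], form["class_id"])


def build_from_principal(form: dict, principal: Principal) -> EnrollStudent:
    """Hardened: the tenant comes from the authenticated principal only. A form
    value that disagrees is tampering or a client bug; refuse rather than ignore it."""
    submitted = form.get("institution_id")
    if submitted is not None and submitted != principal.institution_id:
        raise TenantViolation(
            f"form named institution {submitted!r} but the caller belongs to {principal.institution_id!r}"
        )
    return EnrollStudent(principal.institution_id, form["student_id"], form["class_id"])


def enroll(cmd: EnrollStudent) -> str:
    """Handler: every entity the command references must belong to the command's Institution,
    so a student or class id copied from another tenant is rejected even when the tenant is right."""
    for kind, table, key in (("student", STUDENTS, cmd.student_id), ("class", CLASSES, cmd.class_id)):
        if table.get(key) != cmd.institution_id:
            raise TenantViolation(f"{kind} {key!r} is not in institution {cmd.institution_id!r}")
    return f"enrolled {cmd.student_id} in {cmd.class_id} at {cmd.institution_id}"


def handle_request(form: dict, principal: Principal, build=build_from_principal) -> str:
    """What a route handler would do; returns 'status text' instead of an HTTP response."""
    try:
        return "200 " + enroll(build(form, principal))
    except TenantViolation as err:
        return "403 " + str(err)


if __name__ == "__main__":
    # alice is authenticated against inst-A but her form names inst-B.
    alice = Principal("alice", "inst-A")
    forged = {"institution_id": "inst-B", "student_id": "s-2", "class_id": "c-202"}
    print("trusting form :", handle_request(forged, alice, build_trusting_form))
    print("from principal:", handle_request(forged, alice))
    print("foreign ids   :", handle_request({"student_id": "s-2", "class_id": "c-101"}, alice))
    print("in-tenant     :", handle_request({"student_id": "s-1", "class_id": "c-101"}, alice))
```

The hardened builder raises on a mismatch instead of silently overwriting the field: a form that names the wrong Institution is worth logging as a tampering attempt, and silently "fixing" it would hide that signal.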

Incomplete Commands


Recently a question came up in the CQRS chatroom on Jabbr: 

Here's the situation. A new command comes in. It can sometimes be missing some info (for daft reasons); if it is missing info then I need to call off to an external API to get the info back. This external API is unreliable, so it would be better to supply the information upfront if possible.
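One shape such a handler can take, as an added example that is neither the chatroom's answer nor the author's code: a required-field check on the way in, a bounded retry against a stand-in for the unreliable API (`FlakyDirectory`, constructed here to fail a configurable number of calls), validation of whatever that API returns before it is trusted, and a hard rejection if the command is still incomplete. The `EnrollStudent` command and its `email` field are assumptions for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional


class LookupUnavailable(Exception):
    """The external API did not answer (timeout, 5xx, connection refused ...)."""


@dataclass(frozen=True)
class EnrollStudent:
    student_id: str
    class_id: str
    email: Optional[str] = None  # the field clients sometimes omit


class FlakyDirectory:
    """Constructed stand-in for the unreliable external API: raises on the
    first `failures` calls, then answers from `records`."""

    def __init__(self, records: dict, failures: int):
        self.records = records
        self.failures = failures
        self.calls = 0

    def email_for(self, student_id: str) -> Optional[str]:
        self.calls += 1
        if self.calls <= self.failures:
            raise LookupUnavailable("directory timed out")
        return self.records.get(student_id)


def looks_like_email(value) -> bool:
    """Minimal shape check. Data from the directory is still input and gets validated."""
    if not isinstance(value, str) or value.count("@") != 1:
        return False
    local, domain = value.split("@")
    return bool(local) and "." in domain


def complete_command(cmd: EnrollStudent, directory: FlakyDirectory, max_attempts: int = 3) -> EnrollStudent:
    """Return a command with every required field present, or raise."""
    # Fields nothing else can supply: reject immediately, no point calling out.
    if not cmd.student_id or not cmd.class_id:
        raise ValueError("student_id and class_id must be supplied by the client")
    if cmd.email:
        return cmd  # already complete; the unreliable API is never touched
    # Bounded retry so an outage costs a few calls, not an unbounded wait.
    for _ in range(max_attempts):
        try:
            found = directory.email_for(cmd.student_id)
            break
        except LookupUnavailable:
            continue
    else:
        raise LookupUnavailable(f"no email for {cmd.student_id!r} after {max_attempts} attempts")
    if not looks_like_email(found):
        raise ValueError(f"directory returned unusable email for {cmd.student_id!r}: {found!r}")
    return replace(cmd, email=found)


def outcome(cmd: EnrollStudent, directory: FlakyDirectory) -> str:
    """Map the three results to what a command endpoint would tell the client."""
    try:
        done = complete_command(cmd, directory)
        return f"accepted email={done.email}"
    except LookupUnavailable as err:
        return f"unavailable: {err}"  # client can resend with the data supplied upfront
    except ValueError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    print(outcome(EnrollStudent("s-1", "c-101"), FlakyDirectory({"s-1": "ada@example.edu"}, failures=1)))
    print(outcome(EnrollStudent("s-1", "c-101"), FlakyDirectory({"s-1": "ada@example.edu"}, failures=5)))
    print(outcome(EnrollStudent("s-1", "c-101"), FlakyDirectory({"s-1": "not an email"}, failures=0)))
```

The important choice is that an unanswered lookup fails the command rather than letting a half-filled one through: the client who sent the incomplete command is told to resend with the data, which is exactly the "supply it upfront" path the question prefers.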