User:Yehohanan7

Access control enforced by presentation layer
Definition:

Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that the user is not authorized to use.

Example in our application:

The payment button will not be shown on the payment page if the holiday is already booked.

Attacks

Forced Browsing

Defense

Access control must be performed in the business layer, not only the presentation layer.
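
The sketch below is an added example, not code from our application: it puts the page's payment-button rule in both layers, so that a payment request sent without going through the page is refused by the business layer. All function and field names are hypothetical, and the ownership check is an assumed second rule alongside the "already booked" rule.

```python
from __future__ import annotations
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised by the business layer when a request is not permitted."""


@dataclass
class Holiday:
    holiday_id: int
    owner: str
    booked: bool = False


# Constructed sample data; all names here are hypothetical, not the application's.
HOLIDAYS = {
    1: Holiday(1, owner="alice", booked=True),
    2: Holiday(2, owner="alice", booked=False),
}


def render_payment_page(user: str, holiday_id: int) -> list[str]:
    """Presentation layer: decides only which controls are drawn."""
    holiday = HOLIDAYS[holiday_id]
    controls = ["view-details"]
    if holiday.owner == user and not holiday.booked:
        controls.append("pay-button")
    return controls


def pay_for_holiday(user: str, holiday_id: int) -> str:
    """Business layer: re-checks every rule, whatever the page displayed."""
    holiday = HOLIDAYS.get(holiday_id)
    if holiday is None or holiday.owner != user:
        raise AccessDenied("holiday not available to this user")
    if holiday.booked:
        raise AccessDenied("holiday is already booked")
    holiday.booked = True
    return "payment accepted"


def handle_payment_request(user: str, holiday_id: int) -> tuple[int, str]:
    """Handler for a payment request that did not come from the rendered page."""
    try:
        return 200, pay_for_holiday(user, holiday_id)
    except AccessDenied as exc:
        return 403, str(exc)
```

Hiding the button stays useful for usability, but the decision that counts is the one in `pay_for_holiday`, which runs on every request.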

Accidental leaking of sensitive information through data queries
SQL Injection