rspec/rules/S4834/ask-yourself.adoc

== Ask Yourself Whether

* Granted permission to an entity (user, application) allow access to information or functionalities not needed by this entity.
* Privileges are easily acquired (eg: based on the location of the user, type of device used, defined by third parties, does not require approval ...). 
* Inherited permission, default permission, no privileges (eg: anonymous user) is authorized to access to a protected resource.

There is a risk if you answered yes to any of those questions.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`== Ask Yourself Whether`

			`* Granted permission to an entity (user, application) allow access to information or functionalities not needed by this entity.`
			`* Privileges are easily acquired (eg: based on the location of the user, type of device used, defined by third parties, does not require approval ...).`
			`* Inherited permission, default permission, no privileges (eg: anonymous user) is authorized to access to a protected resource.`

			`There is a risk if you answered yes to any of those questions.`