==== Use secure APIs

Some frameworks provide a database abstraction layer that frees developers
from sanitizing input or writing prepared statements themselves.

These provided APIs can be described as "secure by design". +
By providing a builder pattern with parameter binding behind the scenes,
`{secure_feature}` can be called "secure by design", as it adds
multiple layers of security to the code while keeping the codebase shorter.

*Note*: These types of APIs can also provide "raw" functions or equivalents. These
functions allow developers to create complex queries while staying within the user-friendly
builder pattern. +
These methods should be considered unsafe and should not be used with untrusted
data.
For example, `{secure_feature}` exposes `{unsafe_function}`, which is prone to injections.
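As an added illustration, not part of the rule text or of any particular framework, the Python sketch below models the two paths the section contrasts: a minimal builder whose SQL text only ever contains placeholders (values are bound at execution), next to a "raw" escape hatch that runs the string as given. `QueryBuilder`, `raw_query`, `make_db`, the lookup helpers and the `users` table are all constructed for this example; `{secure_feature}` and `{unsafe_function}` stand for whatever the real framework provides.

```python
import sqlite3

def _check_identifier(name):
    # Identifiers (tables, columns) cannot be bound as parameters, so validate them.
    if not name.isidentifier():
        raise ValueError(f"invalid SQL identifier: {name!r}")
    return name

class QueryBuilder:
    """Tiny builder: the SQL text holds only placeholders; values are bound at execution."""
    def __init__(self, table):
        self._table = _check_identifier(table)
        self._conditions = []
        self._params = []

    def where(self, column, value):
        self._conditions.append(f"{_check_identifier(column)} = ?")
        self._params.append(value)  # the value never touches the SQL text
        return self

    def build(self):
        sql = f"SELECT * FROM {self._table}"
        if self._conditions:
            sql += " WHERE " + " AND ".join(self._conditions)
        return sql, tuple(self._params)

    def fetch_all(self, conn):
        sql, params = self.build()  # binding happens here, behind the scenes
        return conn.execute(sql, params).fetchall()

def raw_query(conn, sql):
    # The "raw" escape hatch: runs the string as given, with no binding at all.
    return conn.execute(sql).fetchall()

def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [(1, "alice", "admin"), (2, "bob", "user")])
    return conn

def lookup_with_builder(conn, name):
    return QueryBuilder("users").where("name", name).fetch_all(conn)

def lookup_with_raw(conn, name):
    # Untrusted data interpolated into the raw string: the injection-prone path.
    return raw_query(conn, f"SELECT * FROM users WHERE name = '{name}'")
```

With the same untrusted input, `lookup_with_builder` treats it as a literal value and returns nothing, while `lookup_with_raw` lets it change the query's structure; the identifier check shows why table and column names still need validation even when values are bound.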