It's more of a concept than a technical example. But to try to be a little more specific, I've recently been working on a system that manages compliance on individual machines. "Compliance" is a concept that is derived from many different factors. If the device doesn't have updated antivirus files, or if it's outside its acceptable geographic area, or if it's not encrypted, or if many other factors - it's noncompliant.
But when you look at the API for the software, there's a PUT /v1/device/{id} endpoint that allows you to update - directly - the "compliant" true/false value. But that makes no sense. You shouldn't be able to just set a device to be "compliant". It should be calculated to be compliant (or non-compliant) based on all the other factors.
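The design point in the comment above, as an added example that is not part of the original comment or the product's own code: the body of the PUT is checked against an allow-list of input fields, and `compliant` is computed from those inputs on every read, so there is no stored flag for a client to overwrite. The field names, the seven-day antivirus threshold and the country list are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical schema: the page names the factors, not the field names.
WRITABLE_FIELDS = {"av_definitions_date": date, "country": str, "disk_encrypted": bool}
MAX_AV_AGE = timedelta(days=7)      # assumed policy threshold
ALLOWED_COUNTRIES = {"US", "CA"}    # assumed acceptable geographic area


class ReadOnlyFieldError(ValueError):
    """A request body tried to set a derived or unknown field."""


@dataclass
class Device:
    av_definitions_date: date
    country: str
    disk_encrypted: bool

    def failed_checks(self, today: date) -> list[str]:
        """Return the name of every factor that currently fails."""
        failures = []
        if today - self.av_definitions_date > MAX_AV_AGE:
            failures.append("antivirus_outdated")
        if self.country not in ALLOWED_COUNTRIES:
            failures.append("outside_geographic_area")
        if not self.disk_encrypted:
            failures.append("not_encrypted")
        return failures

    def is_compliant(self, today: date) -> bool:
        # Derived on every read; nothing is stored that a client could set.
        return not self.failed_checks(today)


def apply_put(device: Device, body: dict, today: date) -> dict:
    """Handle the body of PUT /v1/device/{id}: allow-list inputs, derive the result."""
    rejected = sorted(set(body) - set(WRITABLE_FIELDS))
    if rejected:
        # Fail closed (e.g. HTTP 422) instead of silently dropping "compliant".
        raise ReadOnlyFieldError(f"read-only or unknown fields: {rejected}")
    for name, value in body.items():  # validate everything before changing anything
        if type(value) is not WRITABLE_FIELDS[name]:
            raise TypeError(f"{name} must be {WRITABLE_FIELDS[name].__name__}")
    for name, value in body.items():
        setattr(device, name, value)
    return {"compliant": device.is_compliant(today),
            "failed_checks": device.failed_checks(today)}
```

Rejecting the request outright, rather than ignoring the extra key, also leaves a signal in the API logs when a client attempts to set the flag.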