Always preserve existing security constraints and validation mechanisms rather than weakening them for convenience or functionality. When modifying authentication, validation, or security-related code, ensure that the changes maintain or strengthen the security posture.
Always preserve existing security constraints and validation mechanisms rather than weakening them for convenience or functionality. When modifying authentication, validation, or security-related code, ensure that the changes maintain or strengthen the security posture.
Key principles:
Example from hash validation:
# Good: Maintain strict validation
known_hashes = {f["hash"] for f in package.files if f["file"] == archive.name}
if known_hashes and archive_hash not in known_hashes:
# Still fails for security when no known hashes exist
# Bad: Weakening the constraint
if archive_hash not in known_hashes: # Passes when known_hashes is empty
When in doubt about whether a security constraint is necessary, err on the side of maintaining it unless there’s clear evidence it’s safe to remove.
Enter the URL of a public GitHub repository