The “depth protection” principle states that restrictions must be implemented in several places, so if part of the data goes around or slips through one layer, it falls into the next. A good example - in a web application - you put the check on the JavaScript side of the client, in the server code (PHP / Ruby / ASP / whatever), and you put these rules into the database (for example, foreign key restrictions). Thus, any data that passes the Javascript validation gets to the server side. Any data that has passed server verification is subject to database restrictions.
However, this seems to violate the principle of DRY (Do not Repeat Yourself). Here you have three places where the same validation rules are repeated. I understand that there are ways to generate client-side javascript so that it provides server-side validation. My question is: how to consolidate database restrictions and server side code? Is there a way to generate code so that it automatically applies database restrictions?
source
share