[mr_cyborg]

> I tell everyone the same thing about access control. Don't check access.

This caught my eye and I’m dying to know more - could you elaborate or point me to a good resource on this? My team has been dealing with some issues related to this recently.

[rascul]

It may be in reference to TOCTOU. [0] If you check that you can access a resource before you access that resource, you have implemented a race condition where you could potentially lose access to the resource in between the check and access attempt. It's probably not an issue if you have proper error handling, but it seems common to check that access is allowed then assume the resource will still be accessible later, without handling errors for when it's not.

[0] https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use

[mr_cyborg]

Thank you so much for sharing this!