Data Access from Outside Expected Data Manager Component

Incomplete Base
Structure: Simple
Description

This weakness occurs when an application is designed to handle all data operations through a dedicated manager component (like a database layer), but code elsewhere bypasses it and accesses data directly.

Extended Description

A well-architected application centralizes data access through a specific component, such as a database abstraction layer or a service class. This design ensures consistency, security, and maintainability. When developers bypass this manager and write code that directly queries or manipulates data—for example, using raw SQL in a UI component or directly reading files in a business logic module—they violate the intended architecture. This creates a fragmented and unpredictable data access pattern.

Bypassing the central data manager undermines reliability and security. It can lead to inconsistent data states, performance issues, and difficulties in maintaining or auditing data flows. More critically, if an attacker can reach this bypass code, it may expose vulnerabilities like SQL injection or data corruption that the central manager was designed to prevent, turning a design flaw into a potential security breach.
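One way to check a Python code base for this weakness, as an added example that is not part of the original entry or of the ASCRM specification: an AST scan that flags database-driver imports and query calls in any module other than the designated data manager. The module path `app/data_manager.py`, the driver and call lists, and the sample sources are assumptions constructed for the illustration.

```python
import ast

# Assumptions (not from the entry): where the data manager lives, and which
# driver modules and method names count as direct data access.
ALLOWED_MODULES = {"app/data_manager.py"}
DRIVER_MODULES = {"sqlite3", "psycopg2", "pymysql"}
DATA_CALLS = {"execute", "executemany", "executescript"}

def find_bypasses(path, source):
    """Return (path, line, reason) for data access outside the manager."""
    if path in ALLOWED_MODULES:
        return []  # the manager itself is allowed to talk to the database
    findings = []
    for node in ast.walk(ast.parse(source, filename=path)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in DRIVER_MODULES:
                    findings.append((path, node.lineno, f"imports {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] in DRIVER_MODULES:
                findings.append((path, node.lineno, f"imports {node.module}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in DATA_CALLS:
                findings.append((path, node.lineno, f"calls .{node.func.attr}()"))
    return sorted(findings, key=lambda f: f[1])

def scan(sources):
    return [f for path, src in sources.items() for f in find_bypasses(path, src)]

# Constructed sample sources: views.py uses the manager once, then bypasses it.
SAMPLE = {
    "app/data_manager.py": (
        "import sqlite3\n"
        "def get_user(conn, user_id):\n"
        "    return conn.execute('SELECT name FROM users WHERE id = ?', (user_id,)).fetchone()\n"
    ),
    "app/views.py": (
        "import sqlite3\n"
        "from app import data_manager\n"
        "def profile(conn, user_id):\n"
        "    return data_manager.get_user(conn, user_id)\n"
        "def search(name):\n"
        "    conn = sqlite3.connect('app.db')\n"
        "    return conn.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\").fetchall()\n"
    ),
}

if __name__ == "__main__":
    for path, line, reason in scan(SAMPLE):
        print(f"{path}:{line}: {reason}")
```

The scan matches on method names only, so it can flag unrelated objects that happen to expose `execute()`; treat findings as review candidates rather than confirmed violations.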

Common Consequences
Scope: Other

Impact: Reduce Reliability

References
[REF-961] Object Management Group (OMG). "Automated Source Code Reliability Measure (ASCRM)". 01-2016.
Related Weaknesses
Taxonomy Mapping
  • OMG ASCRM