There’s a reason you pay for plastic shopping bags. It is to protect the environment. Durable shopping bags can be re-used, and don’t pollute our oceans and landfills.
Re-use is a good thing – and not just for the environment. We know that code re-use is important. And that also applies to data. If we have data that is used in many places, we only want to store it in one place and have one source.
That’s the same principle behind XML external entities (XEE). Unfortunately, there’s a potential security loop hole.
This is a very important question.
How do you know if something has gone wrong, or if your site has been compromised?
The answer is that, unless you are logging and monitoring events, you don’t know.
If you read about major data breaches, you’ll notice that often the data breach might have been going on for years. The companies only noticed it when someone complained.
According to a 2020 IBM Security study, companies in South Africa took on average 177 days to identify a data breach. That might not be years, but it is still way too late.