Side effects are generally unintended consequences of a function or program. These unintended consequences can be good or bad. In general, side effects are considered bad because they can make it difficult to reason about the behavior of a program and can lead to inconsistent behavior.
From a security perspective, side effects can be used to bypass security controls. For example, a function that is supposed to log in a user may not properly sanitize the input before validating it. This can lead to a vulnerability where an attacker bypasses the password check via SQL injection: the attacker supplies a username value that contains SQL code which bypasses the password check in the where clause of the query.
```sql
select users.* from users where username = 'admin'--' and password = 'password'
```

Everything after `--` is a comment, so the password comparison never reaches the database and the row for `admin` is returned regardless of the password supplied.
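The following is an added example, not code from the original text: it builds a constructed in-memory SQLite table, runs the login check both with string concatenation (the flaw described above) and with bound parameters, and returns the outcome of each so the difference can be checked. The table, the `admin` row and its password are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory database for the demonstration (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.execute("insert into users values ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Builds the query by string concatenation: the username value is pasted
    # straight into the WHERE clause, so a quote in it changes the query text.
    query = (
        "select users.* from users where username = '" + username
        + "' and password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Bound parameters: the driver sends values separately from the SQL text,
    # so a quote or comment marker in the username is treated purely as data.
    query = "select users.* from users where username = ? and password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    # Runs both versions against the same inputs and reports whether each
    # accepted the login. The injected username is the one from the text above.
    conn = make_db()
    injected = "admin'--"
    return {
        "vuln_correct_pw": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_wrong_pw": login_vulnerable(conn, "admin", "wrong"),
        "vuln_injected": login_vulnerable(conn, injected, "wrong"),
        "safe_correct_pw": login_parameterized(conn, "admin", "s3cret"),
        "safe_injected": login_parameterized(conn, injected, "wrong"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'login accepted' if accepted else 'login rejected'}")
```

With the concatenated query, `admin'--` is accepted even though the password is wrong, because the comment marker removes the password comparison from the statement. With bound parameters the same value is simply a username that does not exist, so the login is rejected; the fix is to never build the WHERE clause from untrusted text, rather than to try to filter quote characters.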