diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php
index 981f38451..141bab621 100644
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@@ -289,6 +289,15 @@ class boardController extends board
 $oDocumentModel = &getModel('document');
 $oDocument = $oDocumentModel->getDocument($document_srl);
+ if (!$oDocument || !$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\TargetNotFound;
+ }
+ if (!$oDocument->isGranted())
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
+
 // check protect content
 if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y')
 {
@@ -311,14 +320,10 @@ class boardController extends board
 $oDocumentController = getController('document');
 if($this->module_info->trash_use == 'Y')
 {
- // move the trash
- if($oDocument->isGranted() === true)
+ $output = $oDocumentController->moveDocumentToTrash($oDocument);
+ if(!$output->toBool())
 {
- $output = $oDocumentController->moveDocumentToTrash($oDocument);
- if(!$output->toBool())
- {
- return $output;
- }
+ return $output;
 }
 }
 else
@@ -536,7 +541,16 @@ class boardController extends board
 }
 $oCommentModel = getModel('comment');
-
+ $comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
+ if (!$comment || !$comment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\TargetNotFound;
+ }
+ if (!$comment->isGranted())
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
+
 if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
 {
 $childs = $oCommentModel->getChildComments($comment_srl);
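Review bot: The existence and grant checks added in the -289 hunk do not tie `$oDocument` to the board that is handling the request, yet the `protect_content` / `protect_delete_content` settings applied right after them are read from `$this->module_info`. Unless a line above the hunk already enforces it, a document id that belongs to another module would be evaluated against this board's protection settings; a guard such as `if ($oDocument->get('module_srl') != $this->module_srl) { throw new Rhymix\Framework\Exceptions\TargetNotFound; }` would close that gap. The same question applies to `$comment` in the -536 hunk of this file. Both enclosing methods start and end outside the hunks, so this should be confirmed against the full method bodies.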
@@ -545,7 +559,7 @@ class boardController extends board
 throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
 }
 }
- $comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
+
 if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
 {
 if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 24abf5266..f60af2b09 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -896,6 +896,15 @@ class commentController extends comment
 {
 return new BaseObject(-1, 'msg_invalid_request');
 }
+ $comment = getModel('comment')->getComment($obj->comment_srl);
+ if(!$comment->isExists())
+ {
+ return new BaseObject(-1, 'msg_not_founded');
+ }
+ if(!$is_admin && !$comment->isGranted())
+ {
+ return new BaseObject(-1, 'msg_not_permitted');
+ }
 // call a trigger (before)
 $output = ModuleHandler::triggerCall('comment.deleteComment', 'before', $comment);
@@ -1184,6 +1193,14 @@ class commentController extends comment
 $oCommentModel = getModel('comment');
 $oComment = $oCommentModel->getComment($obj->comment_srl);
+ if(!$oComment->isExists())
+ {
+ return new BaseObject(-1, 'msg_not_founded');
+ }
+ if(!$oComment->isGranted())
+ {
+ return new BaseObject(-1, 'msg_not_permitted');
+ }
 $oMemberModel = getModel('member');
 $member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->get('member_srl'));
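Review bot: The age window in the context lines of the -545 hunk is computed from `protect_document_regdate`, although the condition guarding it tests `protect_comment_regdate`; this looks like a copy-paste slip that the commit leaves in place. If so, the time limit on deleting comments follows the document setting rather than the comment one, and the line should read `strtotime('-'.$this->module_info->protect_comment_regdate.' day')`. The block continues past the end of the hunk.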
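Review bot: The lookup added in the -896 hunk reads `$obj->comment_srl`, but nothing visible in the hunk defines `$obj`, and the `msg_invalid_request` guard just above suggests the comment id was already validated, possibly with `$comment` already loaded. The function signature is outside the hunk, so please confirm that `$obj` and `$is_admin` are both in scope here; if the id arrives as a scalar parameter, this lookup would return `msg_not_founded` for every call and overwrite the `$comment` that the `comment.deleteComment` trigger receives. Reusing the already-validated id (or the existing `$comment`, if there is one) for the `isExists()` / `isGranted()` checks would avoid the second lookup.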
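Review bot: The grant check added in the -1184 hunk is unconditional, while the one added at -896 in the same file is written as `!$is_admin && !$comment->isGranted()`, so the two entry points now disagree on whether an administrative caller can bypass the per-item grant. Whether an override is needed depends on callers outside the hunk; a one-line comment stating that this path relies on `isGranted()` alone would make the difference deliberate. Both hunks in this file also call `isExists()` directly on the result of `getComment()`, whereas board.controller.php guards with `!$comment || !$comment->isExists()`; using the same form in all four places, for example `if(!$oComment || !$oComment->isExists())`, would keep the checks consistent.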