#33 Secure URL parameters

UI / Client
open-accepted
nobody
Users (6)
5
2009-05-20
2008-10-03
Anonymous
No

The server is not validating if a URL is coming from a user with the right permissions. A user with a customer role could modify the URLs to manipulate other customer's data.

Discussion

  • Emil Conde
    Emil Conde
    2009-05-20

    • status: open --> open-accepted