So I have the following code:
Session.create(uc.user);
Session.location = 'Dashboard';
switch (uc.user.user_type_id)
{
    case 1:
        $state.go('app.dashboard-v1');
        break;
    case 2:
        $state.go('app.dashboard-v1');
        break;
    case 3:
        $state.go('app.dashboard-v1');
        break;
    case 4:
        $state.go('client.dashboard');
        break;
    case 5:
        // break (external partner)
        break;
}
This controls where the newly logged in user is redirected to.
If I use the HTML editor in Google Chrome (as an example) and insert the following line:
Session.create(uc.user);
Session.location = 'Dashboard';
uc.user.user_type_id = 4; // this line
switch (uc.user.user_type_id)
{
    case 1:
        $state.go('app.dashboard-v1');
        break;
    case 2:
        $state.go('app.dashboard-v1');
        break;
    case 3:
        $state.go('app.dashboard-v1');
        break;
    case 4:
        $state.go('client.dashboard');
        break;
    case 5:
        // break (external partner)
        break;
}
Then I am able to "crack" the redirection and allow my user to access some sensitive data.
My question is: how do I avoid this?
It doesn't matter at all how exactly you edit the JavaScript... you must not send any sensitive information from the server to the client if the client is not authorised to access that data. If the data is already on the client and all that prevents the client from seeing it is a JavaScript switch statement, you have already lost. You can very well send the client some admin UI, but the actual data to fill in the blanks in that UI must only be sent after the client has properly authenticated with the server; and the client must not be allowed to execute any action on the server unless they're authorised by the server to do so.
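
What the answer describes, as an added example that is not code from the original post: the server decides from its own session record whether to return dashboard data, so changing `uc.user.user_type_id` in the browser changes nothing. The `handle` function, route paths, tokens and user records are hypothetical; only the `user_type_id` values come from the question.

```javascript
// Added example. Everything here runs on the server; the browser never sees it.
// Constructed sample users; user_type_id values follow the question (4 = client).
const USERS = new Map([
  ['alice', { user_type_id: 1 }],
  ['bob', { user_type_id: 4 }],
]);

// Constructed session store: token -> username. Real tokens are long random
// values issued by the server after a successful login.
const SESSIONS = new Map([
  ['constructed-token-alice', 'alice'],
  ['constructed-token-bob', 'bob'],
]);

// Hypothetical API routes and the user types allowed to read each one.
const ROUTES = new Map([
  ['GET /api/app/dashboard',
    { allow: new Set([1, 2, 3]), data: { widgets: ['staff-stats'] } }],
  ['GET /api/client/dashboard',
    { allow: new Set([4]), data: { invoices: ['INV-constructed-1'] } }],
]);

// req = { method, path, token, body }. Returns { status, body }.
function handle(req) {
  const username = SESSIONS.get(req.token);
  if (username === undefined) return { status: 401, body: null }; // not logged in

  const route = ROUTES.get(`${req.method} ${req.path}`);
  if (route === undefined) return { status: 404, body: null };

  // The user type comes from the server's own record for this session.
  // Anything the client claims about itself (req.body.user_type_id, a
  // patched switch statement, a hand-typed URL) is never consulted.
  const { user_type_id } = USERS.get(username);
  if (!route.allow.has(user_type_id)) return { status: 403, body: null };

  return { status: 200, body: route.data };
}

// A type-1 user whose patched client claims type 4 still receives no client data.
const tampered = handle({
  method: 'GET', path: '/api/client/dashboard',
  token: 'constructed-token-alice', body: { user_type_id: 4 },
});
console.log(tampered.status, tampered.body);
```

The client-side `switch` can stay as a convenience for routing the UI; it just stops being the thing that protects the data.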