How will you handle Yahoo's recent authorization bug in your app?
This is with reference to http://thehackernews.com/2014/05/vulnerability-in-yahoo-websites-allows.html
Authentication normally has three steps:
1. Authenticating User : username, passwd verification i.e a valid yahoo user 2. Authorizing Action (role based access): whether user is allowed to perform the action i.e user is allowed to delete comments 3. Authorizing Entity : verify user owns the entity i.e user is allowed to delete only his comments.
How do you handle the third step in your application ?
1 comment
[ 0.26 ms ] story [ 10.6 ms ] thread