# Do not use user input (because you cannot trust it)

This answer extends the accepted one with what looks to me like a significant simplification.

Now, from your description and from my best understanding, you have said that you want to prevent Sales Agent A (namely 12345) from peeking into Sales Agent B's (namely 54321) data.

Simply kill the agentId parameter from the query string and get it from the session.

The URL becomes https://example.org/show_order.php

Internally, the application must extract the sales agent id from the principal stored within the session. I am excessively rusty in PHP, so I will use pseudocode:

```sql
SELECT * FROM sales WHERE salesman_id = ?1;   -- [1 = getPrincipalSalesId()]
```

This query will simply ignore everything that comes from the client. It does not require modifications to the persistence layer. It doesn't even require implementing RBAC (role-based access control), but everything is about that function getPrincipalSalesId.

It's basically the same code you use to generate the URL, but this time you hammer that value into the query, making it implicit.
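A concrete version of the idea above, written here as an added example rather than code from the answer or from the asker's application. It assumes the login handler stored the authenticated agent's id in `$_SESSION['sales_agent_id']` and that `$pdo` is an existing PDO connection; the table and column names (`sales`, `salesman_id`) follow the answer's pseudo-query, and the DSN is a placeholder. The tamper-prone form is shown next to the session-scoped one so the difference is visible in the code itself.

```php
<?php
// Added example, not from the original answer. Assumptions: the login code
// set $_SESSION['sales_agent_id'] for the authenticated agent, and $pdo is a
// live PDO connection. Table/column names follow the answer's pseudo-query.

declare(strict_types=1);

session_start();

/**
 * Pattern the question describes: the agent id arrives in the query string,
 * so any logged-in agent can edit the URL and read another agent's rows.
 * Shown only for comparison with the hardened form below.
 */
function showOrdersFromQueryString(PDO $pdo): array
{
    $agentId = (int) ($_GET['agentId'] ?? 0);            // user-controlled value
    $stmt = $pdo->prepare('SELECT * FROM sales WHERE salesman_id = :id');
    $stmt->execute([':id' => $agentId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * The answer's getPrincipalSalesId(): the id is read from the server-side
 * session principal and never from the request.
 */
function getPrincipalSalesId(): int
{
    if (!isset($_SESSION['sales_agent_id'])) {
        // No authenticated principal: refuse instead of guessing an id.
        http_response_code(401);
        exit('Not authenticated');
    }
    return (int) $_SESSION['sales_agent_id'];
}

/**
 * Hardened form: the WHERE clause is bound to the session principal, so an
 * agentId in the URL, if present, has no effect on what is returned.
 */
function showOrdersForPrincipal(PDO $pdo): array
{
    $stmt = $pdo->prepare('SELECT * FROM sales WHERE salesman_id = :id');
    $stmt->execute([':id' => getPrincipalSalesId()]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// show_order.php entry point (DSN is a placeholder for the real connection).
$pdo = new PDO('sqlite::memory:');
$orders = showOrdersForPrincipal($pdo);
header('Content-Type: application/json');
echo json_encode($orders);
```

If a later version of the page does need an identifier in the URL (for example a single order id), the same rule still applies: keep `salesman_id = :principal` in the WHERE clause next to `order_id = :id`, so the session, not the client, decides whose rows can match.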
