Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Authorization   (RSS)
Sorry, but there are no more tags available to filter with.

How To: Configure permissions in Out-of-the-box MOSS 2007 Approval Workflow such that “Approvers” cannot edit or delete the item to be approved

1. Consider a Microsoft Office SharePoint Server 2007 site that will be used as a “Document Approval System”. Certain users will be “Editors” and they will be able to upload documents for approval. Another set of users will be “Approvers”. These users Read More...
Posted Monday, August 04, 2008 12:01 PM by Varun Sharma | 3 Comments
Filed under:

Catch the Security Flaw #3

Quite a few web applications encrypt query string values. This is generally done as an added measure to prevent unauthorized access. Since the end user cannot chose a value and then encrypt it, changing parameters becomes difficult. But encryption is Read More...
Posted Monday, July 14, 2008 11:17 AM by Varun Sharma | 8 Comments

Common Authorization flaw in Web Applications: Why disabling buttons (or other controls) is not enough?

I have seen quite a few web applications that rely on disabling controls for authorization. Consider this code:- The scenario may be that the page has to be displayed in a read-only manner for certain roles, or after submission of some details but prior Read More...
Posted Tuesday, January 22, 2008 8:24 PM by Varun Sharma | 2 Comments
Filed under:

Common Authorization Vulnerability in Thick Client applications

Consider the following architecture for an intranet application. A thick client installed on the user’s machine connects to a web service which in turn connects to the database. The web service authenticates the caller using windows authentication. It Read More...
Posted Wednesday, October 31, 2007 12:55 PM by Varun Sharma | 0 Comments
Filed under:
 
Page view tracker