Bosses, does this kind of scenario count as an unauthorized operation?

Time:09-16

We have a public interface that exports the current page as a PDF. The data processing logic is that the current page's data is formatted and sent to the backend; the data contains the table headers and row data of the list page, and the backend finally exports it as a PDF table. The backend does not do any adding or deleting.
There are now two roles, the configuration role and the business role, and both can call this interface. I log in with a business role account, call this interface, and take out the POST request parameters. Then I log in with a configuration role account, call this interface, intercept the POST request, and replace the configuration role's data with the business role's data. The exported PDF then contains the business role's data table.
Does this count as an unauthorized operation?

CodePudding user response:

The configuration role account itself has export authority, and exporting the business role's information data also counts
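
The export flow described in the question, as an added example that is not part of the original thread or of any participant's code: one endpoint renders whatever table the POST body carries, and a variant loads the rows on the server for the session's own role. The role names follow the question; the function names, sample rows and the text renderer standing in for the PDF step are assumptions.

```python
# Added illustration; role names follow the question, everything else is hypothetical.
from dataclasses import dataclass

# Constructed sample data: rows each role may see on its list page.
ROWS_BY_ROLE = {
    "business": [["order-1", "100"], ["order-2", "250"]],
    "configuration": [["param-a", "on"]],
}
EXPORT_ROLES = {"business", "configuration"}  # both roles may call the export


@dataclass
class Session:
    user: str
    role: str


def render(headers, rows):
    """Stand-in for the PDF renderer: returns the table as text."""
    return "\n".join(" | ".join(r) for r in [headers, *rows])


def export_client_rows(session, body):
    """Design from the question: render whatever table the POST body carries."""
    if session.role not in EXPORT_ROLES:
        raise PermissionError("role may not export")
    # No lookup happens here, so the server cannot tell whose rows these are.
    return render(body["headers"], body["rows"])


def export_server_rows(session, body):
    """Variant: ignore posted rows and load them for the session's own role."""
    if session.role not in EXPORT_ROLES:
        raise PermissionError("role may not export")
    return render(body["headers"], ROWS_BY_ROLE[session.role])


def replay_demo():
    """Replays the business page's POST body under a configuration session."""
    captured = {"headers": ["id", "value"], "rows": ROWS_BY_ROLE["business"]}
    cfg = Session("cfg-user", "configuration")
    return export_client_rows(cfg, captured), export_server_rows(cfg, captured)


if __name__ == "__main__":
    for out in replay_demo():
        print(out, end="\n\n")
```

In the first design the only check the server can make is whether the caller may export at all; which rows end up in the document is decided entirely by the request body.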