Update documentation
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information,
|
You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information,
|
||||||
except the CEO, Neville Bartholomew. Or at least you should not have access to the CEO's information. For this assignment,
|
except the CEO, Neville Bartholomew. Or at least you should not have access to the CEO's information. For this assignment,
|
||||||
examine the contents of the page to see what extra information you can find.
|
examine the page's contents to see what extra information you can find.
|
||||||
|
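Review bot: The unchanged first sentence in this hunk, "You have access to everyone in the company's information," still reads ambiguously because the possessive attaches to "company" rather than "everyone". Since this commit is a wording pass, consider "You have access to the information of everyone in the company" in the same change. The edit from "the contents of the page" to "the page's contents" reads fine.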
@ -1,6 +1,6 @@
|
|||||||
== Client side filtering
|
== Client side filtering
|
||||||
|
|
||||||
It is always a good practice to send to the client only information which they are supposed
|
It is always a good practice to send only information to the client they are supposed
|
||||||
to have access to. In this lesson, too much information is being sent to the client, creating
|
to have access to. In this lesson, too much information is being sent to the client, creating
|
||||||
a serious access control problem. For this exercise, your mission is exploit the extraneous information being returned
|
a serious access control problem. For this exercise, your mission is to exploit the extraneous information returned
|
||||||
by the server to discover information to which you should not have access.
|
by the server to discover information to which you should not have access.
|
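Review bot: The reworded first line of the paragraph, "send only information to the client they are supposed to have access to," misplaces the relative clause: it now attaches to "the client" instead of "information", which blurs the access control point the lesson is making. Suggest "send the client only the information they are supposed to have access to". The fix from "your mission is exploit" to "your mission is to exploit" in the third line is correct, and the heading could be hyphenated as "Client-side filtering" while this file is being touched.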