Update documentation
		| @ -2,4 +2,4 @@ | |||||||
|  |  | ||||||
| You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, | You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, | ||||||
| except the CEO, Neville Bartholomew.  Or at least you should not have access to the CEO's information. For this assignment, | except the CEO, Neville Bartholomew.  Or at least you should not have access to the CEO's information. For this assignment, | ||||||
| examine the contents of the page to see what extra information you can find. | examine the page's contents to see what extra information you can find. | ||||||
|  | |||||||
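Review bot: The unchanged context at the top of this hunk still reads "You have access to everyone in the company's information," which parses as access to the people rather than to their records. Since this commit is a wording pass, consider "You have access to the information of everyone in the company" alongside the "page's contents" rewording. The double space after "Bartholomew." could be normalized at the same time.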
| @ -1,6 +1,6 @@ | |||||||
| == Client side filtering | == Client side filtering | ||||||
|  |  | ||||||
| It is always a good practice to send to the client only information which they are supposed | It is always a good practice to send only information to the client they are supposed | ||||||
| to have access to.  In this lesson, too much information is being sent to the client, creating | to have access to.  In this lesson, too much information is being sent to the client, creating | ||||||
| a serious access control problem. For this exercise, your mission is exploit the extraneous information being returned | a serious access control problem. For this exercise, your mission is to exploit the extraneous information returned | ||||||
| by the server to discover information to which you should not have access. | by the server to discover information to which you should not have access. | ||||||
|  | |||||||
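Review bot: The reworded first sentence, "send only information to the client they are supposed to have access to", has a misplaced modifier: the relative clause now attaches to "the client" rather than to "information", so it reads less clearly than the line it replaces. Suggest "send the client only the information they are supposed to have access to". The "to exploit" fix and the removal of "being" in the mission sentence look right.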