On 1/7/2013 8:43 AM, Flying-w wrote:
Probably not. Rule #1: The client computer is an environment not under your control. It can be hacked. It might /not/ be hacked, but that doesn't mean it /can't/ be hacked. The same goes for whatever JavaScript is running on the client. Don't assume that any JavaScript comes from a web browser environment, or that it even comes from a PC.
I have a GWT application that among many things shows PDFs that are stored on the server side. I have a security-related question, as described below.
When a user logs in through a dialogue on the client side, I make a note of the userid they entered while processing the login on the server side. This is all done through the normal GWT RPC Infrastructure:
HttpSession session = getThreadLocalRequest().getSession();
session.setAttribute("USER", userId);
I have a separate servlet that is responsible for locating and delivering PDF content back to the browser when requested. When the user clicks a button in the GWT client, I open a new browser window and address the servlet to produce the desired PDF. A reference to the name of the PDF required is stored in a client side cookie (and transmitted in the HTTP request).
Window.open(GWT.getModuleBaseURL() + "Showpdf", "PDF Viewer", "");
The servlet needs to check that whoever is making the request is authorised to view the PDF requested, and checks the user name stored in the HttpSession earlier:
HttpSession session = request.getSession();
String user = (String)session.getAttribute("USER");
// Do whatever is required to check the user can access the required PDF
Is this approach safe from hacking?
This is a variant of a common technique for delivering low-value digital content.
Is there a way the user name can be spoofed by a hacker to gain access to a PDF they are not authorised for? Is there another way of doing this?
The tradeoff is the value of the PDF vs. the strength of the safe in which the PDF is contained. If the PDF is {low value|cheap} and the safe is expensive, that's not a good tradeoff. If the PDF is {expensive|valuable} then you might want to think of other delivery methods.
Cheers,
jec
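An added example, not code from the original thread: one way the PDF servlet could apply "the client is not under your control", by treating the client-supplied document name purely as a lookup key and deciding access only from the server-side "USER" session attribute. The `doc` parameter name, the ACL contents and the `/srv/pdfs` directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import javax.servlet.http.*;

// Added example: hypothetical hardened form of the "Showpdf" servlet.
public class ShowPdfServlet extends HttpServlet {
    // Assumption: all PDFs live under one server-side directory (constructed path).
    private static final Path PDF_ROOT = Paths.get("/srv/pdfs");
    // Constructed sample ACL: document id -> users allowed to read it.
    private static final Map<String, Set<String>> ACL = new HashMap<>();
    static {
        ACL.put("report-2012", new HashSet<>(Arrays.asList("alice", "bob")));
        ACL.put("payroll-2012", new HashSet<>(Collections.singletonList("alice")));
    }
    // Pure decision function: either argument may be absent or hostile.
    static boolean mayRead(String user, String docId) {
        if (user == null || docId == null) return false;
        Set<String> readers = ACL.get(docId);   // unknown id -> null -> deny
        return readers != null && readers.contains(user);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false): never create a session for an unauthenticated caller.
        HttpSession session = request.getSession(false);
        String user = session == null ? null : (String) session.getAttribute("USER");
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // The document name arrives from the client (cookie or parameter), so it is
        // used only as a lookup key. "doc" is a hypothetical parameter name.
        String docId = request.getParameter("doc");
        if (!mayRead(user, docId)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // docId matched an ACL key exactly, so it cannot carry path separators.
        Path file = PDF_ROOT.resolve(docId + ".pdf");
        if (!Files.isRegularFile(file)) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        response.setContentType("application/pdf");
        Files.copy(file, response.getOutputStream());
    }
}
```

The user name itself never leaves the server in this arrangement; what the browser holds is the session identifier, so the check is only as strong as the protection of that identifier in transit and in the cookie.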