
Prevent URL Rewriting: Integrate File system & LDAP

 
amit bose
Greenhorn
Posts: 25
Hi All,

Prologue:
------------
There are two kinds of entities: Manager and Projects (each project has a monthly financial report).
One Manager might have access to one or more Projects (and hence to their respective financial reports as well).
Manager is the User who will log in to the application.


Context:
------------
Once the user logs in to the web application, he/she gets a link to the PDF report(s). On clicking the report, a window opens showing the contents of the report. The PDF reports are stored somewhere in the server file system.
e.g. folder structure could be like this:
Reports > Project1 > Report1_PROJ1.pdf
Reports > Project1 > Report2_PROJ1.pdf
Reports > Project2 > Report1_PROJ2.pdf and so on..


Problem:
------------
The user might tamper with the URL and change it to try to read other PDFs to which he/she is not authorized.
e.g. ManagerXXX is authorized to see only "Project2" reports.
Current URL:
http://server/filelocation/Reports/Project2/Report1_PROJ2.pdf
The Manager can modify this URL as:
http://server/filelocation/Reports/

Then he/she will see all the available Project Reports even if he/she is not authorized to do so.
The main problem here is that, once the URL has been tampered with, control does not return to the web application but goes directly to the file system location relevant to the changed URL.

Already explored solutions:
-----------------------------
JavaScript:
We do not show the address bar/status bar, so there is no chance of URL tampering.
The problem is that if the browser has JavaScript disabled, then there is a great security issue.


Possible solution:
---------------------
If it were possible to somehow integrate the file system and LDAP, then the access rights of the user would be based on the groups to which the user belongs in LDAP.
However, I am unable to find any material to get started on this approach.


Regards,
Amit
[ October 24, 2007: Message edited by: amit bose ]
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
> The user might tamper with the URL and change it to try to read other PDF's to which he/she is not authorized.


As long as you are providing access directly to a PDF by a URL you are going to have this problem. Why don't you do access indirectly through a servlet? The servlet can be aware of users and authorizations - it can read the pdf from a directory that can't be accessed directly by URL.

Bill
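
The indirect access suggested in the reply above could look like the following servlet. This is an added example, not code from the thread. The class name, the `project`/`file` parameters, the `/srv/app-data/Reports` directory and the `report-<project>` role naming are all assumptions; the role check ties back to LDAP only if the container's security realm is configured to map LDAP groups to roles.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, mapped to e.g. /report?project=Project2&file=Report1_PROJ2.pdf
public class ReportServlet extends HttpServlet {
    // Assumed location: outside the web root, so no URL maps to it directly.
    private static final Path REPORT_ROOT = Paths.get("/srv/app-data/Reports");

    /** Resolves project/file under root; returns null if a name is malformed or escapes its folder. */
    static Path resolveReport(Path root, String project, String file) {
        if (project == null || file == null
                || !project.matches("[A-Za-z0-9_]+")
                || !file.matches("[A-Za-z0-9_]+\\.pdf")) {
            return null; // rejects "..", slashes, empty names and non-PDF files
        }
        Path projectDir = root.resolve(project).normalize();
        Path target = projectDir.resolve(file).normalize();
        return target.startsWith(projectDir) ? target : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String project = req.getParameter("project");
        Path target = resolveReport(REPORT_ROOT, project, req.getParameter("file"));
        if (target == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Assumed convention: role "report-<project>" (e.g. an LDAP group) grants access.
        if (req.getRemoteUser() == null || !req.isUserInRole("report-" + project)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Existence is checked only after authorization, so 404 vs 403 reveals nothing.
        if (!Files.isRegularFile(target)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/pdf");
        resp.setContentLengthLong(Files.size(target));
        Files.copy(target, resp.getOutputStream());
    }
}
```

Because the check runs on every request, editing the `project` or `file` value in the URL only yields a 403 or 400, and there is no directory URL left to browse.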
 