J
Jon
Hello all.
Just after some help with handling page security.
I'm writing an app that has a number of companies. Each company has a number
of employees, standard stuff.
If I have a user who is a member of one company, they can request to see all
the that companie employees, however, if they hack they query string so that
the company ID is now not the company ID they belong to, they can see all the
employees for another company, bad!
How can this be stopped so that a ' Not enough Permissions' style error
occurs?
I'm using forms authentication and have set up the SiteIdentity and
SitePrincial objects.
I'm also interested in any kind of address encryption or masking.
Thanks all,
JY
Just after some help with handling page security.
I'm writing an app that has a number of companies. Each company has a number
of employees, standard stuff.
If I have a user who is a member of one company, they can request to see all
the that companie employees, however, if they hack they query string so that
the company ID is now not the company ID they belong to, they can see all the
employees for another company, bad!
How can this be stopped so that a ' Not enough Permissions' style error
occurs?
I'm using forms authentication and have set up the SiteIdentity and
SitePrincial objects.
I'm also interested in any kind of address encryption or masking.
Thanks all,
JY