Hi All,
Prologue:
------------
There are two kinds of entities: Manager and Projects (each project has a monthly financial report).
One Manager might have access to one or more Projects (and hence to their respective financial reports as well).
Manager is the User who will log in to the application.
Context:
------------
Once the user logs in to the web application, he/she gets a link to the PDF report(s). On clicking a report, a window opens showing the contents of the report. The PDF reports are stored somewhere in the server file system.
e.g. the folder structure could be like this:
Reports > Project1 > Report1_PROJ1.pdf
Reports > Project1 > Report2_PROJ1.pdf
Reports > Project2 > Report1_PROJ2.pdf and so on...
Problem:
------------
The user might tamper with the URL and change it to try to read other PDFs to which he/she is not authorized.
e.g. ManagerXXX is authorized to see only "Project2" reports.
Current URL:
http://server/filelocation/Reports/Project2/Report1_PROJ2.pdf
The Manager can modify this URL as:
http://server/filelocation/Reports/
Then he/she will see all the available Project Reports even if he/she is not authorized to do so.
The main problem here is that, once the URL has been tampered with, control does not return to the web application but goes directly to the file system location given by the changed URL.
Already explored solutions:
-----------------------------
JavaScript:
We do not show the address bar/status bar, so there is no chance of URL tampering.
The problem is that if the browser has JavaScript disabled, then there is a great security issue.
Possible solution:
---------------------
If it were possible to somehow integrate the file system with LDAP, the access rights of the user would be based on the groups to which the user belongs in LDAP.
However, I am unable to find any material to get started on this approach.
Regards,
Amit
[ October 24, 2007: Message edited by: amit bose ]
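The root cause described in the post is that the PDFs are reachable by a direct URL, so the web server hands them out without the application ever seeing the request. The usual fix is to keep the report tree outside the web root and route every download through an application handler that checks the logged-in manager's project membership before streaming the file. The following is an added example illustrating that pattern; it is not code from the original post. The manager-to-project mapping, the report tree (built in a temporary directory so the example runs offline) and the function names are all constructed for illustration; in the real application the membership data would come from the user store (for instance LDAP groups), which is exactly where the post's "possible solution" would plug in.

```python
"""Access-controlled report download: the browser never gets a file-system URL.

Added example, not from the original post. The web tier maps a request such as
/reports/Project2/Report1_PROJ2.pdf to fetch_report(), which checks the logged-in
manager's project membership and only then reads the file. The report store
lives outside the web root, so there is no direct URL left to tamper with.
"""
import tempfile
from pathlib import Path

# Constructed sample authorization data. In the real application this comes from
# the user store (e.g. LDAP group membership), keyed by the logged-in manager.
MANAGER_PROJECTS = {
    "ManagerXXX": {"Project2"},
    "ManagerYYY": {"Project1", "Project2"},
}

# Constructed sample report tree, built in a temp dir so the example runs offline.
DEMO_ROOT = Path(tempfile.mkdtemp(prefix="Reports_"))
for _project, _name in [("Project1", "Report1_PROJ1.pdf"),
                        ("Project1", "Report2_PROJ1.pdf"),
                        ("Project2", "Report1_PROJ2.pdf")]:
    (DEMO_ROOT / _project).mkdir(exist_ok=True)
    (DEMO_ROOT / _project / _name).write_bytes(b"%PDF-1.4 constructed " + _name.encode())


class AccessDenied(Exception):
    """Manager is authenticated but not authorized for this project."""


class BadRequest(Exception):
    """Request parameters are malformed (path components, wrong file type, ...)."""


def resolve_report_path(manager, project, filename, root=DEMO_ROOT):
    """Return the on-disk path for a report, or raise if the request is not allowed.

    Checks, in order: the manager is a member of the project (authorization),
    the filename is a bare PDF name with no path components, and the canonical
    path still lies inside the project's directory (defence in depth against
    traversal and symlinked files).
    """
    allowed = MANAGER_PROJECTS.get(manager, set())
    if project not in allowed:
        # Same outcome whether or not the project exists: do not leak project names.
        raise AccessDenied(f"{manager} may not read {project} reports")

    if not filename or Path(filename).name != filename or filename in (".", ".."):
        raise BadRequest("filename must be a bare file name")
    if not filename.lower().endswith(".pdf"):
        raise BadRequest("only PDF reports are served")

    project_dir = (root / project).resolve()
    candidate = (project_dir / filename).resolve()
    if candidate.parent != project_dir:
        raise BadRequest("path escapes the project directory")
    return candidate


def fetch_report(manager, project, filename, root=DEMO_ROOT):
    """Simulate the HTTP handler: return (status, body); body holds the PDF bytes on 200."""
    try:
        path = resolve_report_path(manager, project, filename, root)
    except AccessDenied:
        return 403, b""
    except BadRequest:
        return 400, b""
    if not path.is_file():      # a directory or a missing file is simply "not found":
        return 404, b""         # there is no listing to hand back
    return 200, path.read_bytes()


if __name__ == "__main__":
    print(fetch_report("ManagerXXX", "Project2", "Report1_PROJ2.pdf")[0])                # 200
    print(fetch_report("ManagerXXX", "Project1", "Report1_PROJ1.pdf")[0])                # 403
    print(fetch_report("ManagerXXX", "Project2", "../Project1/Report1_PROJ1.pdf")[0])    # 400
```

Two design points matter here. First, the authorization check runs before any file-system lookup, so a request for a project the manager is not a member of fails identically whether or not that project exists. Second, because the handler is the only way to reach the report tree, the "Reports/" directory listing from the post simply has no URL any more; in a servlet or similar framework this is the same idea as mapping `/reports/*` to a controller and storing the files outside the deployed web application.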