Thread: WAF - Security approach question - pbRender

  1. #1
    Join Date
    Feb 2009
    Location
    Brazil
    Posts
    2,382

    Hi everybody

    I am developing the security layer of my webapp, based on user roles, and I initially thought pbRender would be my friend.

    I planned to use it to hide options, controls, buttons, menu items, links, etc. from users if they are not allowed to ..., based on their roles.

    Visually, it works perfectly, but I just found out that the control is actually sent to the client and created in the DOM. An advanced and malicious user can easily hack it (I am not one, and I could...) and access the control functionality I was trying to block.

    So, based on this, what are our other options?

    What have you guys used, besides pbRender, to block non-authorized functionality?

    Examples:
    1. Block a button from being clicked?
    2. Block a checkbox from being changed?
    3. Block a form or column from being visible, if it contains sensitive information...

    etc ...

    For data operations (updates, deletes, inserts), this will be covered at the DD layer, so no big deal, but for other stuff that does not involve data operations directly, I thought pbRender would help me, but I was wrong.

    Thanks in advance
    Last edited by Samuel Pizarro; 19-Dec-2019 at 02:03 PM.
    Samuel Pizarro
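
The gap described in the post above, as an added example that is not part of the original post and is not DataFlex WebApp Framework code: a framework-neutral Python sketch in which hiding a control is only a UI hint, while every client-callable action and every column is checked against roles held in the server-side session. All names (`ACTIONS`, `dispatch`, `visible_controls`, `serialize_row`, the roles and columns) are hypothetical.

```python
class Forbidden(Exception):
    """Raised when the session's roles do not permit the requested action."""

ACTIONS = {}  # action name -> (allowed roles, handler); hypothetical registry

def action(name, roles):
    """Register a client-callable action together with the roles allowed to call it."""
    def register(fn):
        ACTIONS[name] = (frozenset(roles), fn)
        return fn
    return register

@action("approve_order", roles={"manager"})           # e.g. a button click
def approve_order(order_id):
    return f"order {order_id} approved"

@action("set_vip_flag", roles={"manager", "sales"})   # e.g. a checkbox change
def set_vip_flag(customer_id, value):
    return {"customer": customer_id, "vip": bool(value)}

# Which roles may receive each column (constructed sample policy).
COLUMN_ROLES = {
    "name": {"manager", "sales", "clerk"},
    "credit_limit": {"manager"},
}

def dispatch(session, name, *args):
    """Single entry point for client calls. Roles come from the server-side
    session, never from the request; unknown actions are denied by default."""
    entry = ACTIONS.get(name)
    if entry is None or not (entry[0] & session["roles"]):
        raise Forbidden(name)
    return entry[1](*args)

def visible_controls(session):
    """UI hint only: which controls to render. Not a security boundary,
    because dispatch() re-checks every call whether or not it was rendered."""
    return sorted(n for n, (roles, _) in ACTIONS.items() if roles & session["roles"])

def serialize_row(session, row):
    """Drop columns the session may not see before the row leaves the server,
    so sensitive values never reach the DOM at all."""
    return {c: v for c, v in row.items()
            if COLUMN_ROLES.get(c, frozenset()) & session["roles"]}
```
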
