PENGIN PI! A CRM with the back bone of a feature light ERP system. Utilitarian in design, easy to extend, customize, and deploy. Made by a community, supported by Tobu Pengin.
GNU General Public License v3.0
[TASK] client side, we need to remove sending of userID #420
Description
We need to remove every place where the messenger JavaScript transmits a userID from the client side. Under no circumstances should the client-side application send user or client ID information to the server: the client can trivially spoof a different ID.
Details
[ ] Ensure the client side never packages and sends a userID to the server side.
[ ] Ensure the server side never parses a userID out of a message body or POST parameters. The server must always resolve the acting user from the Flask session or the database, never from a field in a REST message.
Additional context
Deprecate or fix every code path that violates this policy.
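The following is an added illustration for this task, not code from the Pengin PI repository. It shows the two halves of the checklist side by side: a handler in the pattern this issue wants removed (identity read from the POST body) next to a hardened handler that resolves the acting user only from the server-side session, plus a small source scanner for finding remaining client-side transgressions. The session is modelled as a plain mapping so the example runs without Flask; Flask's `session` proxy is dict-like, so the same function works unchanged there. The field names in `CLIENT_IDENTITY_KEYS`, the handler names and the JavaScript snippet are all assumptions made for the example.

```python
"""Constructed example for issue #420: never trust a client-supplied user ID.

Not Pengin PI project code. Session is a plain mapping here so the example
runs offline; flask.session is dict-like and can be passed in directly.
"""
import re
from typing import Any, Dict, List, Mapping, Tuple

# Field names a client might use to smuggle an identity into a request.
# Assumed names for the example; the project's real payload keys may differ.
CLIENT_IDENTITY_KEYS = frozenset({"userID", "user_id", "clientID", "client_id"})


def vulnerable_handler(posted: Mapping[str, Any], session: Mapping[str, Any]) -> Dict[str, Any]:
    """The pattern this issue deprecates: the acting user comes from the request body.

    Whatever the client puts in "userID" is believed, so any logged-in (or even
    unauthenticated) client can act as any other user by editing one field.
    """
    user_id = posted.get("userID")  # attacker-controlled value
    return {"status": 200, "acting_as": user_id}


def hardened_handler(posted: Mapping[str, Any], session: Mapping[str, Any]) -> Dict[str, Any]:
    """Policy-conforming handler: identity comes only from the server-side session.

    Any identity-like field in the body is ignored and reported so the server can
    log it as a sign of a stale client or a spoofing attempt.
    """
    user_id = session.get("user_id")  # set by the server at login, never by the client
    if user_id is None:
        return {"status": 401, "error": "not authenticated"}
    smuggled = CLIENT_IDENTITY_KEYS & set(posted)
    return {"status": 200, "acting_as": user_id, "ignored_fields": sorted(smuggled)}


# Matches an identity field being assigned or placed in an object literal,
# e.g. `userID: currentUser.id` or `msg.user_id = ...` in messenger JavaScript.
_TRANSMIT_RE = re.compile(r"\b(userID|user_id|clientID|client_id)\b\s*[:=]")


def find_transgressions(js_source: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for every client-side line that builds an identity field.

    A coarse audit aid for the "deprecate or fix all transgressions" step; each hit
    still needs a human to confirm the value is actually transmitted.
    """
    hits = []
    for lineno, line in enumerate(js_source.splitlines(), 1):
        if _TRANSMIT_RE.search(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed messenger snippet (not from the project) with one violation on line 3.
SAMPLE_JS = """\
// constructed messenger snippet, not project code
const payload = {
  userID: currentUser.id,      // transgression: identity sent from the client
  text: input.value
};
socket.send(JSON.stringify(payload));
fetch('/api/message', {method: 'POST', body: JSON.stringify({text: msg})});
"""


if __name__ == "__main__":
    spoofed = {"userID": 99, "text": "hello"}
    real_session = {"user_id": 7}
    print("vulnerable:", vulnerable_handler(spoofed, real_session))  # acts as user 99
    print("hardened:  ", hardened_handler(spoofed, real_session))    # acts as user 7
    print("no session:", hardened_handler(spoofed, {}))              # 401
    for lineno, line in find_transgressions(SAMPLE_JS):
        print(f"line {lineno}: {line}")
```

Running the block shows the spoofed body letting the vulnerable handler act as user 99 while the hardened handler acts as the session's user 7 and reports `userID` as an ignored field; the scanner flags only the object-literal line that places `userID` into the outgoing payload.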