als-computing / splash-server

Server code for the Splash system.

Flaw in team security #84

Closed J-avery32 closed 3 years ago

J-avery32 commented 3 years ago

Currently we check against the name of the team to make sure that the user is properly authenticated. However, it is possible for a user to create a team with the exact same name, thus allowing them to infiltrate another team. We should either make team names unique, or we should check against team uids.
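The flaw described in this issue, sketched as an added example that is not part of the original comment and is not splash-server's code: `Team`, `TeamStore` and both check functions are hypothetical, and the team and user names are constructed sample data. It shows the name-based check passing for a member of a same-named team, next to the two fixes the issue proposes.

```python
from dataclasses import dataclass, field
from uuid import uuid4


@dataclass(frozen=True)
class Team:
    name: str
    members: frozenset
    uid: str = field(default_factory=lambda: uuid4().hex)


class TeamStore:
    """In-memory stand-in for the team collection (hypothetical)."""
    def __init__(self, unique_names=False):
        self.unique_names = unique_names
        self.teams = []

    def create(self, name, members):
        # Fix A from the issue: refuse a second team with the same name.
        if self.unique_names and any(t.name == name for t in self.teams):
            raise ValueError(f"team name already taken: {name!r}")
        team = Team(name, frozenset(members))
        self.teams.append(team)
        return team

    def teams_for(self, user):
        return [t for t in self.teams if user in t.members]


def allowed_by_name(store, user, owner_team):
    # Flawed check: any team the user is in with a matching *name* passes.
    return any(t.name == owner_team.name for t in store.teams_for(user))


def allowed_by_uid(store, user, owner_team):
    # Fix B from the issue: compare the generated team uid instead.
    return any(t.uid == owner_team.uid for t in store.teams_for(user))


def demo():
    store = TeamStore()
    owners = store.create("beamline-7", {"alice"})  # constructed sample data
    store.create("beamline-7", {"mallory"})         # same name, different uid
    return (allowed_by_name(store, "mallory", owners),   # True: flaw
            allowed_by_uid(store, "mallory", owners),    # False: fixed
            allowed_by_uid(store, "alice", owners))      # True: real member

if __name__ == "__main__":
    print(demo())
```
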