The current event-based approach for updating the backend from the client requires that the citationId for an added citation be generated on the client. If a bad actor generated malformed citationIds could it be a security risk, or otherwise destabilize the system?
Investigation is needed.
Some mitigation ideas if it is a problem, or just in case:
generated citationId is just for the duration of the session. The server actually generates its own citationId but stores the client-generated citationId so that it can interpret review updates during the session. On next load client gets the server-generated citationId. (Not sure if this is any more secure.)
server checks format of client-generated citationId, to ensure that it is scoped to the current form and question.
The current event-based approach for updating the backend from the client requires that the
citationIdfor an added citation be generated on the client. If a bad actor generated malformedcitationIds could it be a security risk, or otherwise destabilize the system?Investigation is needed.
Some mitigation ideas if it is a problem, or just in case:
citationIdis just for the duration of the session. The server actually generates its owncitationIdbut stores the client-generatedcitationIdso that it can interpret review updates during the session. On next load client gets the server-generatedcitationId. (Not sure if this is any more secure.)citationId, to ensure that it is scoped to the current form and question.