The current event-based approach for updating the backend from the client requires that the citationId for an added citation be generated on the client. If a bad actor generated malformed citationIds, could it be a security risk, or otherwise destabilize the system?
Investigation is needed. Things it should cover: whether a client-chosen id can collide with or overwrite an existing citation, whether it can reference a form or question other than the one the request is for, and what happens when an arbitrarily long or oddly encoded string reaches storage.
Some mitigation ideas if it is a problem, or just in case:
The client-generated citationId is used only for the duration of the session. The server generates its own citationId but stores the client-generated one alongside it so that it can interpret review updates during the session. On next load the client gets the server-generated citationId. (Not sure if this is any more secure.)
The server checks the format of the client-generated citationId, to ensure that it is scoped to the current form and question. The same check is the natural place to bound length and character set, so nothing malformed reaches storage regardless of whether the id is later replaced.
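As an added example (not the project's code), the following sketch shows how a server could apply both ideas: validate and scope-check the client-generated citationId, then mint a server id and keep a per-session mapping so review updates keyed by the client id can be applied. The id format `<formId>:<questionId>:<uuidv4>`, the function and class names, and the in-memory session store are all assumptions for illustration.

```python
"""Hypothetical server-side handling of client-generated citationIds.

Added example, not project code. The format "<formId>:<questionId>:<uuid4>",
the token rules and the in-memory session map are assumptions.
"""
import re
import uuid
from dataclasses import dataclass, field

# Assumed form/question identifier shape: short, URL-safe tokens.
_TOKEN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# form (64) + ":" + question (64) + ":" + canonical uuid (36)
MAX_CLIENT_ID_LEN = 64 + 1 + 64 + 1 + 36


class InvalidCitationId(ValueError):
    """Raised when a client-supplied citationId fails validation."""


def validate_client_citation_id(client_id: str, form_id: str, question_id: str) -> str:
    """Return client_id if it is well-formed and scoped to form_id/question_id.

    Raises InvalidCitationId otherwise. Length is bounded before any parsing
    so an oversized payload is rejected cheaply.
    """
    if not isinstance(client_id, str):
        raise InvalidCitationId("citationId must be a string")
    if len(client_id) > MAX_CLIENT_ID_LEN:
        raise InvalidCitationId("citationId too long")
    parts = client_id.split(":")
    if len(parts) != 3:
        raise InvalidCitationId("citationId must be form:question:uuid")
    scoped_form, scoped_question, random_part = parts
    if not (_TOKEN.match(scoped_form) and _TOKEN.match(scoped_question)):
        raise InvalidCitationId("form/question segment has bad characters")
    # Scope check: the id must name the form and question this request is
    # for, so an id minted for one question cannot be replayed against another.
    if scoped_form != form_id or scoped_question != question_id:
        raise InvalidCitationId("citationId not scoped to this form/question")
    try:
        parsed = uuid.UUID(random_part)
    except ValueError as exc:
        raise InvalidCitationId("random segment is not a UUID") from exc
    # uuid.UUID() also accepts braces, URN prefixes and upper case; insisting
    # on the canonical lowercase form means one UUID has exactly one string.
    if parsed.version != 4 or str(parsed) != random_part:
        raise InvalidCitationId("random segment must be a canonical UUIDv4")
    return client_id


def is_valid_client_citation_id(client_id: str, form_id: str, question_id: str) -> bool:
    """Boolean wrapper around validate_client_citation_id."""
    try:
        validate_client_citation_id(client_id, form_id, question_id)
        return True
    except InvalidCitationId:
        return False


@dataclass
class CitationSession:
    """Per-session state: client ids are accepted, server ids are persisted."""
    form_id: str
    question_id: str
    client_to_server: dict = field(default_factory=dict)  # client id -> server id
    citations: dict = field(default_factory=dict)         # server id -> data

    def add_citation(self, client_id: str, text: str) -> str:
        validate_client_citation_id(client_id, self.form_id, self.question_id)
        if client_id in self.client_to_server:
            raise InvalidCitationId("duplicate client citationId in session")
        server_id = str(uuid.uuid4())  # the server-minted id is what is stored
        self.client_to_server[client_id] = server_id
        self.citations[server_id] = {"text": text}
        return server_id

    def update_citation(self, client_id: str, text: str) -> str:
        """Apply a review update the client keyed by its own id."""
        validate_client_citation_id(client_id, self.form_id, self.question_id)
        server_id = self.client_to_server.get(client_id)
        if server_id is None:
            raise InvalidCitationId("unknown client citationId")
        self.citations[server_id]["text"] = text
        return server_id

    def snapshot(self) -> dict:
        """What the client receives on next load: server ids only."""
        return {sid: dict(data) for sid, data in self.citations.items()}
```

The validator rejects ids that name another form or question, that use non-canonical UUID encodings, or that exceed the fixed length bound; the session object never lets a client-chosen id become the stored key.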