Open jaedoucette opened 4 years ago
We are able to get a complete, unencrypted list of everyone in a production database, without even signing up for an account.
Therefore, this bug is a high priority security issue, because our clients want that data to be encrypted.
Possible solution: have riff-server authenticate against our firebase server or LTI.
The authentication process used by riffplatform & RiffEDU, in both our testing and production environments appears to leak credentials to any user smart enough to check for them.
After obtaining these credentials, a malicious user could perform arbitrary operations on any Riff-server instance that uses the same credentials. For example, they could retrieve a list of all users, and delete them one by one from the system. Or they could add arbitrary data to any table (e.g. fake utterances, fake users, fake meetings).
Steps to Reproduce
Riffplatform:
RiffEDU:
Expected behavior
Possible Solutions
Acceptance Criteria
The most critical API changes to patch the main security risk have been completed and are documented in story #251.
Spike Acceptance Criteria
The goal of this spike is to have enough information to know how to prioritize the proposed solution(s), based on their complexity, size and benefit of the work.
Context
New Security Issues.
Site the bug occurred on:
All tested environments.
Desktop (please complete the following information):
Tested with Chrome.