A user has chosen to use WebISO, rather than the traditional Active Directory/LDAP, to gather authenticated user information with our Single Sign On module. They discovered that the URL query string exposed the user ID, allowing someone to simply change it to another user ID and access or change another user's information.
The solution is to use SSO together with the Gateway HTTPuser parameter inside the form, so that the form gets the credentials of the user who is actually using it rather than relying on the user ID in the URL.
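The difference between the two approaches, as an added example that is not the product's own code: it assumes the SSO gateway hands the authenticated ID to the application as the WSGI `REMOTE_USER` variable (a stand-in for the Gateway HTTPuser parameter, whose syntax this page does not give). The `userid` query parameter, the record store and all function names are hypothetical.

```python
from urllib.parse import parse_qs

# Constructed sample records; user IDs are made up for illustration.
RECORDS = {"alice": {"phone": "555-0100"}, "bob": {"phone": "555-0199"}}


class AccessDenied(Exception):
    """Raised when no gateway-authenticated identity is present."""


def user_from_query(environ):
    """Vulnerable pattern: identity comes from the client-editable URL."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    return params.get("userid", [None])[0]


def user_from_gateway(environ):
    """Hardened pattern: identity comes only from the SSO gateway.

    Assumption: the gateway sets REMOTE_USER after authentication and the
    application is reachable only through that gateway.
    """
    user = environ.get("REMOTE_USER")
    if not user:
        raise AccessDenied("request did not pass through the SSO gateway")
    return user


def tampering_suspected(environ):
    """Detection aid: a URL user ID that differs from the authenticated one."""
    claimed = user_from_query(environ)
    return claimed is not None and claimed != user_from_gateway(environ)


def load_record(environ, resolve_user):
    """Return the record of whichever user the resolver identifies."""
    return RECORDS.get(resolve_user(environ))


if __name__ == "__main__":
    # Constructed request: alice is authenticated, but the URL names bob.
    request = {"REMOTE_USER": "alice", "QUERY_STRING": "form=profile&userid=bob"}
    print("query-string lookup :", load_record(request, user_from_query))
    print("gateway lookup      :", load_record(request, user_from_gateway))
    print("tampering suspected :", tampering_suspected(request))
```

Logging every request where `tampering_suspected` returns true gives a record of attempts to edit the user ID after the fix is in place.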
