Apex Code Development You need to sign in to do that
Don't have an account?
Sahil Bansal 7 Security Review Issues : Canvas App
Hi Folks,
We have built a managed package containing the canvas app that uses "Signed Request". The canvas app is further rendered on a vf page using <apex:canvasApp> tag.
But the package didn't pass the security review with the following errors at "HTTPS" URLs:
I also tried running BURP but no success
Can anyone help to resolve or replicate these reported issues?
We have built a managed package containing the canvas app that uses "Signed Request". The canvas app is further rendered on a vf page using <apex:canvasApp> tag.
But the package didn't pass the security review with the following errors at "HTTPS" URLs:
- Authorisation :
- Notes : Insecure object reference in the given function let a normal user to access to every user information in the database. Even the users from other organizations. Email, password, token, salts...
- CSRF : https://sample.com/account/logout
- Notes : Logout function has any kind of CSRF protection
I also tried running BURP but no success
Can anyone help to resolve or replicate these reported issues?