CustomDataIntegrations

Security Issue - Access control on ticket id Vulnerability

I got this back from the security review. How do I fix this? The Salesforce app is executing a .NET WCF service and the WCF service needs either login info for each call or the Authentication Cookie. How do I make this work? I need to pass the Order Id so that I know what order to retrieve.

1) Access control on ticket id Vulnerability File

Code

public String GetOrderStatus(String OrderTicketId, String CurrentAuthCookie, String Environment) {
    CDITECService.GetOrderStatus_element request_x = new CDITECService.GetOrderStatus_element();
    CDITECService.GetOrderStatusResponse_element response_x;
    request_x.OrderTicketId = OrderTicketId;
    request_x.CurrentAuthCookie = CurrentAuthCookie;
    request_x.Environment = Environment;

Notes

The order ID coming from the user parameter is directly sent to the web service.  The web service authenticates the user based on who they say they are.
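
One way to address the finding on the Salesforce side, as an added example that is not part of the original post or the reviewed package: check that the ticket id belongs to the running user before the callout is made. `Order_Ticket__c`, `Ticket_Id__c`, `OrderStatusGateway` and the `StatusClient` interface are hypothetical names; the example assumes the org keeps a record linking each ticket id to its owning user.

```apex
// Added example. Hypothetical names: OrderStatusGateway, StatusClient,
// Order_Ticket__c, Ticket_Id__c. Only GetOrderStatus and its three
// parameters come from the snippet in the review finding.
public with sharing class OrderStatusGateway {

    public class OrderAccessException extends Exception {}

    // Stand-in for the generated WCF stub, so the check can be shown
    // without guessing the name of the stub's port class.
    public interface StatusClient {
        String GetOrderStatus(String orderTicketId, String currentAuthCookie, String environment);
    }

    private final StatusClient client;

    public OrderStatusGateway(StatusClient client) {
        this.client = client;
    }

    public String getStatusForCurrentUser(String orderTicketId, String authCookie, String environment) {
        if (String.isBlank(orderTicketId)) {
            throw new OrderAccessException('Missing order ticket id');
        }

        // The identity comes from the Salesforce session, never from a request parameter.
        Id currentUser = UserInfo.getUserId();

        // Bind variables keep the user-supplied id out of the query text.
        // "with sharing" on the class also applies the org's record-level access rules.
        List<Order_Ticket__c> owned = [
            SELECT Id
            FROM Order_Ticket__c
            WHERE Ticket_Id__c = :orderTicketId
              AND OwnerId = :currentUser
            LIMIT 1
        ];

        // Same error whether the ticket is missing or owned by someone else,
        // so the response does not reveal which ticket ids exist.
        if (owned.isEmpty()) {
            throw new OrderAccessException('Order not found');
        }

        // Only a ticket id verified against the current user reaches the web service.
        return client.GetOrderStatus(orderTicketId, authCookie, environment);
    }
}
```

This covers the first sentence of the reviewer's note. The second sentence concerns the WCF service itself, which still has to tie the ticket id to the identity it authenticated.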