CustomDataIntegrations
Security Issue - Access control on ticket id Vulnerability
I got this back from the security review. How do I fix this? The Salesforce app is executing a .NET WCF service and the WCF service needs either login info for each call or the Authentication Cookie. How do I make this work? I need to pass the Order Id so that I know what order to retrieve.
1) Access control on ticket id Vulnerability File
Code
public String GetOrderStatus(String OrderTicketId, String CurrentAuthCookie, String Environment) {
    CDITECService.GetOrderStatus_element request_x = new CDITECService.GetOrderStatus_element();
    CDITECService.GetOrderStatusResponse_element response_x;
    request_x.OrderTicketId = OrderTicketId;
    request_x.CurrentAuthCookie = CurrentAuthCookie;
    request_x.Environment = Environment;
Notes
The order ID coming from the user parameter is directly sent to the web service. The web service authenticates the user based on who they say they are.
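One way to address the finding quoted above, as an added example that is not part of the original post or the reviewed app: the Apex entry point accepts only the ticket id, confirms the running user owns that ticket, and reads the cookie and environment from server-side storage instead of from the caller. It assumes each ticket is mirrored in a record owned by its user; `OrderStatusGateway`, `Order_Ticket__c`, `Ticket_Id__c`, `CDI_Session__c` with its fields, and the `StatusCallout` wrapper are hypothetical names.

```apex
// Added example. All object, field and class names below are hypothetical.
public with sharing class OrderStatusGateway {

    public class OrderAccessException extends Exception {}

    // Thin wrapper around the generated CDITECService stub, so the callout
    // can be swapped for a mock in unit tests.
    public interface StatusCallout {
        String getOrderStatus(String orderTicketId, String authCookie, String environment);
    }

    // Only the ticket id is caller-supplied. Identity comes from the platform
    // session, never from a parameter.
    public static String getStatusForCurrentUser(String orderTicketId, StatusCallout client) {
        if (String.isBlank(orderTicketId)) {
            throw new OrderAccessException('Order ticket id is required.');
        }
        Id currentUserId = UserInfo.getUserId();

        // Ownership check before any callout. "with sharing" also applies
        // record-level sharing to this query.
        List<Order_Ticket__c> owned = [
            SELECT Id
            FROM Order_Ticket__c
            WHERE Ticket_Id__c = :orderTicketId
              AND OwnerId = :currentUserId
            LIMIT 1
        ];
        if (owned.isEmpty()) {
            // Same message for "no such ticket" and "not your ticket".
            throw new OrderAccessException('Order not found.');
        }

        // Service credentials are looked up per user on the server side
        // (assumed here to live in a protected hierarchy custom setting).
        CDI_Session__c session = CDI_Session__c.getInstance(currentUserId);
        if (session == null || String.isBlank(session.Auth_Cookie__c)) {
            throw new OrderAccessException('No service session for the current user.');
        }

        return client.getOrderStatus(orderTicketId, session.Auth_Cookie__c,
                                     session.Environment__c);
    }
}
```

The WCF service should apply the same ownership check against the identity bound to the cookie, since it is the component that actually returns the order.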