EGL Development User Group

The EGL Development User Group is dedicated to sharing news, knowledge, and insights regarding the EGL language and Business Developer product. Consisting of IBMers, HCL, and users, this community collaborates to advance the EGL ecosystem.

  • 1.  Richui Security

    Posted Wed March 28, 2018 03:42 AM

    Hello,

    In my Richui web application I'm calling a SOAP WS in an EGL Rich UI handler using the @bindService property.

    The application is running under J2EE security and uses form-based authentication.

    But it seems that if a user is logged in, he is able to see the Web service call and the request parameters.

    The user can change the request parameter (e.g. customer code (int)) easily and see different response results, not only the response that he is allowed to see.

    How is it possible to secure this webservice call and prevent this WebService attack?

     

    Thanks in advance.

    michaeldefox


  • 2.  Re: Richui Security

    Posted Fri March 30, 2018 09:58 AM

    Hello @michaeldefox

    If I understand, can the user change the URL containing the customer ID? something like ? and submit browser submission for service access ?? it is ?

     

    Osvaldo Menezes

    @ojomenezes

    ojomenezes
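
The first post describes a service that returns whatever customer code the browser sends, so being logged in is the only check. As an added example (not code from either poster, and not EGL or IBM code), this plain-Java model shows the server-side check that closes that gap: the service operation takes the caller from the container's authenticated `Principal` and compares the requested code against what that caller may read. The names `CustomerAccessCheck`, `ALLOWED` and `getCustomer` and the sample users are hypothetical. In a J2EE container the principal would come from the authenticated request (for example `HttpServletRequest.getUserPrincipal()`); how an EGL-generated service obtains it is not shown in this thread.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;

// Added example: all names and data below are hypothetical / constructed.
public class CustomerAccessCheck {

    // Constructed sample data: customer codes each login may read.
    // A real application would look this up in its own data store.
    static final Map<String, Set<Integer>> ALLOWED = Map.of(
        "alice", Set.of(1001),
        "bob",   Set.of(2002, 2003));

    // Server-side service operation. The caller identity is the principal
    // authenticated by the container, never a value sent in the request.
    static String getCustomer(Principal caller, int customerCode) {
        if (caller == null) {
            throw new SecurityException("not authenticated");
        }
        Set<Integer> mine = ALLOWED.getOrDefault(caller.getName(), Set.of());
        if (!mine.contains(customerCode)) {
            // Same answer for "not yours" and "does not exist", so the
            // response does not reveal which customer codes are valid.
            throw new SecurityException("customer not available");
        }
        return "customer record " + customerCode;
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";   // stands in for the logged-in user

        // Request with the caller's own customer code: allowed.
        System.out.println(getCustomer(alice, 1001));

        // Same session, customer code edited in the browser: refused.
        try {
            getCustomer(alice, 2002);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The check has to run inside the service itself, because anything enforced only in the Rich UI handler executes in the browser and can be bypassed by sending the request directly.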