
Row-based Security

When using Web-based email applications, you might notice certain information, such as a large number, being displayed in the URL. These large values often represent keys or indexes into the database, which the email application uses to look up a particular message or user. However, when application developers don't take the proper precautions, these keys can expose your email messages to other users or to outside attackers.
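The precaution in question, as an added example that is not from the original text: a lookup that trusts the key from the URL alone, next to one that also requires the row to belong to the logged-in user. The `messages` table, its columns, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory mailbox with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE messages ("
        " id INTEGER PRIMARY KEY,"
        " owner_id INTEGER NOT NULL,"
        " subject TEXT NOT NULL)"
    )
    db.executemany(
        "INSERT INTO messages (id, owner_id, subject) VALUES (?, ?, ?)",
        [(1001, 1, "Toy launch schedule"), (1002, 2, "Lunch on Friday")],
    )
    return db


def parse_key(raw):
    """Accept only a plain decimal key from the URL; anything else is rejected."""
    return int(raw) if isinstance(raw, str) and raw.isdigit() else None


def get_message_unscoped(db, raw_key):
    """Weak form: the key in the URL is the only thing selecting the row."""
    key = parse_key(raw_key)
    if key is None:
        return None
    row = db.execute(
        "SELECT subject FROM messages WHERE id = ?", (key,)
    ).fetchone()
    return row[0] if row else None


def get_message_scoped(db, session_user_id, raw_key):
    """Row-based check: the row must also belong to the session's user.

    session_user_id comes from the server-side session, never from the URL.
    A missing row and a row owned by someone else look the same to the caller.
    """
    key = parse_key(raw_key)
    if key is None:
        return None
    row = db.execute(
        "SELECT subject FROM messages WHERE id = ? AND owner_id = ?",
        (key, session_user_id),
    ).fetchone()
    return row[0] if row else None
```

Returning the same "not found" result for a missing key and for another user's key keeps the application from confirming which keys exist.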

Case Study 9-1

Scott checked his Web-based email account from his hotel room. He and his partner were about to close a major deal with a distributor for a new revolutionary electronic toy they had developed in time for the Christmas season. Indications were that this toy would be a major seller and set Scott and his partner on easy street.

Scott had been emailing his partner at each step of his trip about various issues with the toy. He checked to see whether his partner had replied with any new questions or information. Instead, he found an email from their investor, who had heavily funded their research and development. Now that the payback was near, Scott was sure congratulations were forthcoming.

To his horror, the email was a scathing tirade about how Scott had sold out the company and its substantial investment. Scott's emails had been posted on a public Web site, and now a competitor had announced a similar product, beating Scott to the punch. As Scott wondered what had happened, he realized his dreams for the future were fading away.


