Parallel ultra vires solution

our company"s system is an intranet system, and we have not paid attention to the problem of parallel ultra vires before. Recently, the company conducted a security test to issue this problem, that is, users can ultra vires access to other users or order information by modifying the parameters in url. At present, the solution we have discussed is to encrypt the core parameters when the parameters are passed by the backend to the foreground, and then decrypt the parameters when the parameters are passed by the backstage to the foreground. The disadvantage of this is that it has a great impact on the business side, and each business method has to be modified.
is there a reasonable solution to this problem to minimize the impact on the business side?

Html java javascript

Mar.07,2021

whether you have permission to belong to the backend should have the function . According to you, the function of this API should be to modify your own order , which is obviously the fault of the backend itself.

your solution can use aspect-oriented programming to set interceptors before requests and responses
A reasonable solution I think it is best to set the scope of user permissions to view personal or departmental and corporate data

Previous: This htmlhint is too retarded.

Next: This rule cannot tell if there is a space at the end.

How does native js implement jquery .on (events, selector, handler) delegate events?
Event delegation can be implemented in jquery as follows, and dynamically added tr can also trigger this event $( "-sharpdataTable tbody" ).on( "click", "tr", function() { console.log( $( this ).text() ); }); how do I ...

Jquery html java javascript

Mar.04,2021
The relationship between url coding and (utf-8,gbk)
figure 1 says that the utf-8 code of "Spring Festival " is E698 A5 E8 8A 82 then I transcoded "Spring Festival " with utf-8 with tools, and found that it was Spring Festival . could you tell me what this is all about? Or is there something wron...

Html java javascript

Mar.11,2021
WEB CSRF Defense issu
A problem with the front end of WEB. I have a http Server, written by java that calls the open source Nanohttpd, page. The data on the Nanohttpd, page is submitted through xhttp.open ( "POST ", url, true); xhttp.setRequestHeader ( "Content-type ", "ap...

Html java javascript

Mar.19,2021
Http://localhost:8000/user request is http://localhost:8000/server/user
proxyTable: { server : { target: http: localhost:8000 , ? secure: false, https? changeOrigin: true, ? pathRewrite: { ^ api : } } user : { tar...

Php css html java javascript

Mar.20,2021
Java background page how to use the bootstrapTable front-end framework to integrate echarts development, can you give an example?
the new project is the background of a Java development of springboot, and the front-end framework uses this bootstrapTable framework. Now the project needs to use the echarts plug-in. I would like to ask how to integrate echarts into it and complete the...

Html java javascript

Sep.08,2021
Whether the natively implemented control can be overridden on top of the webview of Android
The control of HTML5 can not meet the requirements. I wonder if the control that needs to be implemented in Java can be partially covered on webview. Can it be realized technically? is for display only and does not require any user interaction. ...

Css html java javascript android

Nov.26,2021
Why can't you show the time with function showTime?
< html > < head > < meta charset= "utf-8 " > < title > js-01.html < title > < script > var today=new Date (); var year=today.getYear (); var month=today.getMonth (); var hour=today.getHours (); var minute=today.getMinutes (); < script...

Html5 html java javascript

Jan.26,2022
After the video is sliced, how to put it into the player after the request is returned without conflict
after slicing the video, how to put it into the player after the request comes back without conflict! how can this be added to the back of the player without replacing the original? ...

Html5 html java javascript

Feb.14,2022