Reference: http://blog.csdn.net/github_39104978/article/details/78265433
After reading the article above, the concept of an ultra vires operation (an unauthorized, privilege-escalation action) was still fairly vague, with no clear real-world scenario.
Horizontal ultra vires (horizontal privilege escalation) scenario:
In a user login module, suppose a user who has forgotten their password wants to reset it without being logged in. Suppose the interface is designed to accept only the user name and the new password:
LOCALHOST:8080/USER/FORGET_RESET_PASSWORD.DO?USERNAME=AAA&passwordnew=xxx
After the user has been shown the password hint and answered the security question correctly, the application jumps to the reset-password page. On that page an attacker can inspect the password-reset request in the browser and submit it with any user name and new password; whichever user name is entered has its password changed! An ordinary user using only ordinary permissions to modify another ordinary user's data is exactly the horizontal ultra vires case.
To prevent this horizontal ultra vires behaviour, the common approach is: once the user has answered the password-hint question correctly, the server randomly generates a token value for that user and returns it, giving the token an expiry time (for example 30 minutes). The reset-password interface then requires the front end to pass that token, which ensures that only the user who actually answered the question is changing their own password.
The reset-password interface is therefore changed to:
LOCALHOST:8080/USER/FORGET_RESET_PASSWORD.DO?USERNAME=AAA&passwordnew=xxx&forgetToken =531EF4B4-9663-4E6D-9A20-FB56367446A5
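An added example, not the post's own code, modelling the token-bound flow just described in Python (the post's interface is a Java-style `.do` endpoint; the class name, method names, in-memory stores and the injectable clock are assumptions made for the example):

```python
import hmac
import time
import uuid

TOKEN_TTL_SECONDS = 30 * 60  # expiry suggested by the post (30 minutes)


class ForgetPasswordService:
    """Assumed server-side model of the reset flow: a token is issued only after
    the security question is answered and is bound to that user name."""

    def __init__(self, users, clock=time.time):
        self.users = users   # username -> {"answer": ..., "password": ...} (constructed sample data)
        self.tokens = {}     # username -> (forgetToken, expiry timestamp)
        self.clock = clock   # injectable so expiry can be tested deterministically

    def check_answer(self, username, answer):
        """Step 1: verify the question answer; on success issue a token tied to username."""
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user["answer"], answer):
            return None
        token = str(uuid.uuid4())  # same shape as the forgetToken in the post's URL
        self.tokens[username] = (token, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def reset_password(self, username, password_new, forget_token):
        """Step 2: honour the reset only if the token belongs to this username,
        has not expired and has not been used. A token issued to user A therefore
        cannot reset user B's password, which closes the horizontal case above."""
        entry = self.tokens.get(username)
        if entry is None:
            return False  # no token was ever issued for this user name
        token, expiry = entry
        if self.clock() > expiry:
            del self.tokens[username]
            return False  # token expired
        if not hmac.compare_digest(token, forget_token):
            return False  # token does not match the one issued for this user
        del self.tokens[username]  # single use: a captured token cannot be replayed
        # Stored in plain text only to keep the example short; hash it in real code.
        self.users[username]["password"] = password_new
        return True
```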
The ultra vires operation of Web security: horizontal and vertical ultra vires