Hi,
In the config.php file we test for an authenticated user (I've added CKFinder).
function CheckAuthentication()
{
return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
}
I would like to test if an unauthorised user can access/delete files. How can I test for this?
Thanks
Re: security test
You should post these kinds of questions in the CKFinder forum.
The first step in the processing of any command at the server is the verification of the CheckAuthentication function; if that fails, then no command will execute and the processing stops.
You can try to use CKFinder with the sample files without logging in; you will see that it refuses to work. You can then try to log in and record all the requests made to the server, and then replay them again (using Fiddler, for example), but after logging out and making sure that the new requests don't reuse the same session. All of them should now return the same error message. If anything is different, then it means that something is broken and should be fixed ASAP. (Well, some requests like view thumbnails or download a file will give a different error message, but in the end all of them should fail.)
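The replay check described in the reply above can be scripted. This is an added example, not part of the original posts and not CKFinder code: the stub server, the `/connector.php` paths, the command names, the `PHPSESSID=valid` cookie and the denial text are all constructed so the script runs offline against itself.

```python
import http.server
import threading
import urllib.error
import urllib.request

DENIED = b"not authorized"  # constructed denial text; use your connector's real error body
# Constructed capture, as if exported from a proxy while logged in (hypothetical paths).
RECORDED = [("/connector.php?command=ListDemo", {"Cookie": "PHPSESSID=valid"}),
            ("/connector.php?command=UnguardedDemo", {"Cookie": "PHPSESSID=valid"})]

class StubConnector(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a session-guarded connector (not CKFinder code)."""
    def do_GET(self):
        authed = "PHPSESSID=valid" in self.headers.get("Cookie", "")
        # Deliberate flaw for the demo: UnguardedDemo skips the session check.
        ok = authed or "command=UnguardedDemo" in self.path
        body = b"<ok/>" if ok else b"<error>" + DENIED + b"</error>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def replay_without_session(base_url, recorded):
    """Replay with credentials stripped; return paths that were NOT denied."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    suspicious = []
    for path, headers in recorded:
        clean = {k: v for k, v in headers.items()
                 if k.lower() not in ("cookie", "authorization")}
        req = urllib.request.Request(base_url + path, headers=clean)
        try:
            with opener.open(req, timeout=5) as resp:
                body = resp.read()
        except urllib.error.HTTPError as err:
            body = err.read()  # error statuses still carry a body to inspect
        if DENIED not in body:
            suspicious.append(path)  # needs manual review
    return suspicious

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), StubConnector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    result = replay_without_session("http://127.0.0.1:%d" % server.server_port, RECORDED)
    server.shutdown()
    server.server_close()
    return result

if __name__ == "__main__":
    print(run_demo())
```

Against your own installation, pass your server's base URL and your recorded requests to `replay_without_session`; any path it returns either bypassed the check or failed with a different error body, so inspect each one by hand.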