my organization has website powered wordpress. using pagebuilder design pages. have assets (pdf files, ppts) etc. can access these files.
i need modify them there access control. first suggestion provide access control “register” each user wants access files. based on type of user (normal, hr, finance etc) each of them can have access specific set of files.
could suggest how above can done.
as starting point see owasp has it. here entry on direct object references: https://www.owasp.org/index.php/top_10_2013-a4-insecure_direct_object_references
Comments
Post a Comment