Welcome Guest, Not a member yet? Register   Sign In
should I worry about data being disclosed?
#1

(This post was last modified: 05-30-2021, 03:27 AM by richb201.)

I have built a multi-user application in CI3. To keep one users data from being seen by another user I do a number of things. For example I keep each users uploaded images on S3 and only download them when they login. I also keep all users data (as best I can) out of the application and on mysql RDS which is hosted by AWS. 
I am concerned about a package I use called Koolreport to generate end user reports. I display these reports either on the browser screen and allow a user to print to them to a pdf or directly download them to a user's hard drive. 
Do I need to be worried about reports for one user displaying on another users PC? The reason i ask is that I just read this:
  • Widget after receiving data will render html together with its resources such as Javascript files and CSS.So in order to make widget works, its resources has to be loaded to browser or in other words, resources of widget need to be put in a public place where they can be accessed.If koolreport folder is placed in public place then widget's resources can be accessed directly. There is no doubt about it. However, in many cases due to security or other reasons, koolreport folder is put in inaccessible place, for example vendor folder.
Is this something that I need to worry about or can I assume that one user's resources are segregated from another user by the system without my concern?Any idea how I can test this?
proof that an old dog can learn new tricks
Reply
#2

I spoke with the makers of koolreport and their quote above corresponds to CSS files, not to data files or reports, so I think I am AOK.
proof that an old dog can learn new tricks
Reply




Theme © iAndrew 2016 - Forum software by © MyBB