70-340 Implementing Security for Applications with Microsoft Visual C# .NET
Demo Question 11.
You are an application developer for EliteCertify.com. You are developing the business layer of a three-tier Web application. The application uses Forms authentication. File access permissions are assigned based on the role of the user. The authenticated user names and roles are stored in a Microsoft SQL Server database. When a user is authenticated by the server, the user's cryptographically random session token and role are stored in a cookie on the client computer and used for access to other pages. You want users who are members of a role named Editor to have Read permission and Write permission for the application files. You want users who are members of a role named Reader to have only Read permission for the files. You create a method named OpenFile to pass the name and role of the current user along with the name of a file. This information is used to open and return a file. The method is contained in the following code segment.

    public Stream OpenFile(HttpCookieCollection userInfo, string file)
    {
        switch (userInfo["Role"].Value)
        {
            case "Editor":
                return new FileStream(file, FileMode.Open, FileAccess.Read);
        }
    }

During a security review, you discover that some users will receive Write permission when they should not. You need to prevent unauthorized users from modifying files. What should you do?
A. Change the application to use Windows authentication.
B. Create a restrictive discretionary access control list (DACL) entry for each file.
C. Verify the role by using the word Reader, instead of relying on the default case.
D. Retrieve the user's role information from the database instead of from the cookie.
Answer: D
Explanation: Cookies are a prime target for session hijacking and tampering. Only limited
information should be stored in them, because anything stored client-side can be manipulated
there. Since the role is stored in the cookie in plain text, it can simply be changed to a
higher role. The question asks for only one option, but it specifically states that one role
has read/write access and the other has read access only, while the code checks only for the
read/write role; that means everyone using the code would get at least read access, even
though only one role is supposed to be read-only. The best fix is not only to pull the role
from a more secure source than the cookie, but also to check for each role explicitly in the
switch statement.
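As an added example (not part of the exam question or its explanation), the following C# rewrite of OpenFile implements answer D together with the explanation's second point: the role is resolved on the server from the random session token, and Editor, Reader and every other outcome are handled explicitly. The UserSessions table, the SessionToken cookie name and the connection string are assumed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Web;

public class FileService
{
    // Assumed connection string, supplied by the host application.
    private readonly string connectionString;

    public FileService(string connectionString)
    {
        this.connectionString = connectionString;
    }

    // Resolve the role on the server from the random session token. The
    // "Role" cookie is never consulted, so rewriting it on the client gains nothing.
    private string LookupRole(string sessionToken)
    {
        const string sql = "SELECT Role FROM UserSessions " +      // assumed table
            "WHERE SessionToken = @token AND Expires > GETUTCDATE()";
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@token", SqlDbType.NVarChar, 64).Value = sessionToken;
            conn.Open();
            object result = cmd.ExecuteScalar();   // null when no live session matches
            return result == null ? null : (string)result;
        }
    }

    public Stream OpenFile(HttpCookieCollection userInfo, string file)
    {
        HttpCookie tokenCookie = userInfo["SessionToken"];   // assumed cookie name
        if (tokenCookie == null || tokenCookie.Value.Length == 0)
            throw new UnauthorizedAccessException("No session token presented.");

        switch (LookupRole(tokenCookie.Value))
        {
            case "Editor":
                return new FileStream(file, FileMode.Open, FileAccess.ReadWrite);
            case "Reader":
                return new FileStream(file, FileMode.Open, FileAccess.Read);
            default:
                // Unknown role or no live session: deny instead of falling through.
                throw new UnauthorizedAccessException("Role not authorized for this file.");
        }
    }
}
```

Because the cookie now carries only the unguessable token, a tampered "Role" value has no effect, and an expired or forged token falls into the default branch and is denied.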
Bulletproof persistent cookies to increase security
Web browser cookies can enhance the user experience by providing additional
functionality and ease of use. However, from an administration point of view, cookies are
a security concern. Encrypt your cookies with this simple technique.
Cookies offer an excellent way to keep small bits of information about the user readily
available so that they don't have to be looked up again. They can allow you to keep users'
numeric IDs handy instead of their logon names, which makes getting back to their
security and authorization easier and quicker. However, cookies represent a dangerous
risk: Users may choose to tamper with the information and see what havoc it might
cause.
Risks of cookie tampering
To understand how using cookies can create huge security risks, consider a site that
stores the user's database ID in a cookie. The cookie is persistent, and the site never
validates the information in the cookie; it is assumed to be correct. The user goes to the
site and logs in. He or she looks at the cookie file and determines that only an ID is being
stored in it. The user resets the number in the file to 1 and logs back into the site.
For most sites, the super user is the first ID inserted into the database, and it's usually
never disabled. If the site doesn't validate the value from the cookie, the user has become
a complete administrator with a trivial amount of text editing. Any unchecked
information placed in a cookie can represent a potential security problem.