Last post Aug 20, 2019 07:34 AM by Mikesdotnetting
Aug 20, 2019 06:41 AM|snowfrost88
Did the Fortify Scan and got the Access Control Category for the below source. The bold statement was flagged out. May I know how I can rectify this?
public Repository(MemberPointsEntities entities)
{
    this.entities = entities;
    this.databaseSet = entities.Set<T>();
}
Aug 20, 2019 06:51 AM|Mikesdotnetting
The bold statement was flagged out.
Aug 20, 2019 07:10 AM|snowfrost88
Meaning that this "this.databaseSet = entities.Set<T>();" from my program is being flagged out for this Fortify Category: Access Control: Database, for which the recommendation was:
Rather than relying on the presentation layer to restrict values submitted by the user, access control should
be handled by the application and database layers. Under no circumstances should a user be allowed to
retrieve or modify a row in the database without the appropriate permissions. Every query that accesses
the database should enforce this policy, which can often be accomplished by simply including the current
authenticated username as part of the query.
I am not sure how to change it so that it won't be flagged out in the next scan.
Aug 20, 2019 07:34 AM|Mikesdotnetting
You'll be better off posting your question to a Fortify forum. The issue has nothing to do with ASP.NET.
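The Fortify recommendation quoted in the thread (include the current authenticated username in every query) can be applied at the repository layer as sketched here. This is an added example, not code from the original posts: `IOwned`, `OwnerUserName`, `PointsRecord` and `OwnerScopedRepository` are hypothetical names, and an in-memory list stands in for `entities.Set<T>()`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical interface: every entity records which user owns the row.
public interface IOwned { int Id { get; } string OwnerUserName { get; } }

// Constructed sample entity, not from the original post.
public class PointsRecord : IOwned
{
    public int Id { get; set; }
    public string OwnerUserName { get; set; }
}

public class OwnerScopedRepository<T> where T : class, IOwned
{
    private readonly IQueryable<T> scoped;
    // 'source' stands in for entities.Set<T>(); 'currentUser' must come from the
    // authenticated identity on the server, never from request parameters.
    public OwnerScopedRepository(IQueryable<T> source, string currentUser)
    {
        if (string.IsNullOrWhiteSpace(currentUser))
            throw new UnauthorizedAccessException("No authenticated user.");
        // Only the filtered query is stored, so no method can reach unscoped rows.
        scoped = source.Where(e => e.OwnerUserName == currentUser);
    }

    public IQueryable<T> All() => scoped;
    // Returns null for a missing row and for another user's row alike.
    public T FindById(int id) => scoped.SingleOrDefault(e => e.Id == id);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample rows owned by two different users.
        var rows = new List<PointsRecord>
        {
            new PointsRecord { Id = 1, OwnerUserName = "alice" },
            new PointsRecord { Id = 2, OwnerUserName = "bob" },
        }.AsQueryable();

        var repo = new OwnerScopedRepository<PointsRecord>(rows, "alice");
        Console.WriteLine(repo.All().Count());
        Console.WriteLine(repo.FindById(2) == null);
    }
}
```

Because the unfiltered set is never kept as a field, a caller who guesses another user's `Id` gets the same result as for a row that does not exist.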