From 88026846096e5b78ef85b65aa701c0cfd3be45aa Mon Sep 17 00:00:00 2001
From: Greg
Date: Wed, 15 Apr 2015 09:36:17 +0100
Subject: [PATCH 1/2] Disable Cookies

Storing sensitive user information in a cookie is a security risk.
---
 baasbox.js | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/baasbox.js b/baasbox.js
index 2a7c106..79bc588 100644
--- a/baasbox.js
+++ b/baasbox.js
@@ -142,13 +142,13 @@ var BaasBox = (function() {
 roles.push(r.name);
 });
 setCurrentUser({
- "username": res.data.user.name,
+ //"username": res.data.user.name,
 "token": res.data['X-BB-SESSION'],
- "roles": roles,
- "visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
- "visibleByTheUser": res.data["visibleByTheUser"],
- "visibleByFriends": res.data["visibleByFriends"],
- "visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
+ //"roles": roles,
+ //"visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
+ //"visibleByTheUser": res.data["visibleByTheUser"],
+ //"visibleByFriends": res.data["visibleByFriends"],
+ //"visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
 });
 deferred.resolve(getCurrentUser());
 })
@@ -203,13 +203,13 @@ var BaasBox = (function() {
 roles.push(r.name);
 });
 setCurrentUser({
- "username": res.data.user.name,
+ //"username": res.data.user.name,
 "token": res.data['X-BB-SESSION'],
- "roles": roles,
- "visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
- "visibleByTheUser": res.data["visibleByTheUser"],
- "visibleByFriends": res.data["visibleByFriends"],
- "visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
+ //"roles": roles,
+ //"visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
+ //"visibleByTheUser": res.data["visibleByTheUser"],
+ //"visibleByFriends": res.data["visibleByFriends"],
+ //"visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
 });
 deferred.resolve(getCurrentUser());
 })
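Review bot: The `roles` array is still filled by the `roles.push(r.name)` loop visible in the context lines of both hunks (-142 and -203), but once `"roles": roles` is commented out nothing in the visible code reads it, so that loop becomes dead work; if `roles` has no other reader in the enclosing login handler, whose body starts and ends outside the hunk, remove the loop and its declaration together with the field. The subject line "Disable Cookies" also overstates the change: cookies are not disabled, the profile fields are dropped from the object passed to `setCurrentUser` while `res.data['X-BB-SESSION']`, the session credential itself, is still passed through unchanged, and `setCurrentUser` is not in this diff so where that value ends up cannot be confirmed here. A one-line comment above the call, `// Persist only the session token; profile data is fetched from the server when needed`, would record the intended policy for the next reader.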
From 5784f302f1c67dd445739a8376906c451f9e2ea3 Mon Sep 17 00:00:00 2001
From: Greg
Date: Mon, 27 Apr 2015 11:22:53 +0100
Subject: [PATCH 2/2] Removed sensitive information from cookie

The cookie previously contained sensitive user information which poses a security risk.
---
 baasbox.js | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/baasbox.js b/baasbox.js
index 79bc588..35c4045 100644
--- a/baasbox.js
+++ b/baasbox.js
@@ -142,13 +142,7 @@ var BaasBox = (function() {
 roles.push(r.name);
 });
 setCurrentUser({
- //"username": res.data.user.name,
 "token": res.data['X-BB-SESSION'],
- //"roles": roles,
- //"visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
- //"visibleByTheUser": res.data["visibleByTheUser"],
- //"visibleByFriends": res.data["visibleByFriends"],
- //"visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
 });
 deferred.resolve(getCurrentUser());
 })
@@ -203,13 +197,7 @@ var BaasBox = (function() {
 roles.push(r.name);
 });
 setCurrentUser({
- //"username": res.data.user.name,
 "token": res.data['X-BB-SESSION'],
- //"roles": roles,
- //"visibleByAnonymousUsers": res.data["visibleByAnonymousUsers"],
- //"visibleByTheUser": res.data["visibleByTheUser"],
- //"visibleByFriends": res.data["visibleByFriends"],
- //"visibleByRegisteredUsers": res.data["visibleByRegisteredUsers"],
 });
 deferred.resolve(getCurrentUser());
 })
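Review bot: After this change the object handed to `setCurrentUser` in both hunks (-142 and -203) carries only `"token": res.data['X-BB-SESSION']`, and that session token is a higher-value secret than the username, role names and visibility flags the commit deletes, so if `setCurrentUser` still writes it to a cookie the message "Removed sensitive information from cookie" does not hold for the one field that matters most. `setCurrentUser`'s body is outside this diff, so the reviewer should confirm what storage it uses and, if it is a cookie, that it is set with the Secure attribute, a bounded expiry, and the narrowest path and domain the app needs; a token written from JavaScript cannot be HttpOnly, which is worth stating next to the call. The lines removed here were already commented out by the previous patch, so the hunks are functionally pure deletion, but the now single-property literal would read more clearly as `setCurrentUser({ "token": res.data['X-BB-SESSION'] });` with a comment such as `// Session token is the only value persisted client-side; treat it as a credential`.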