Let's imagine the following situation:
I'm a manager in a big organization. That organization uses a WinForms application (3-tier) written with the CSLA framework. I have some skills in programming.
One day, I open the exe/dll of that application in tools like "ILSpy" or "Reflector" and export it to a "csproj". I open that "csproj" in Visual Studio and rewrite the "Login" method:
this:
    public static void Login(string username, string password)
    {
        var identity = Library.CustomIdentity.GetCustomIdentity(username, password);
        Csla.ApplicationContext.User = new CustomPrincipal(identity);
    }
I change it like this:
    public static void Login(string username, string password)
    {
        var identity = Library.CustomIdentity.GetCustomIdentity("admin");
        Csla.ApplicationContext.User = new CustomPrincipal(identity);
    }
I compile it back and load my modified application. In the authentication window I enter any name and any password, and voila - I'm working with "admin" rights.
Is it true?
What is a proper way to implement strong authentication security?
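The scenario above, modeled as an added example (not code from the original post or from CSLA): the credential check and the role lookup live in the tier the user cannot recompile, so a client patched to claim "admin" gets no session. It assumes .NET 6 or later; `AppServer`, `ResetAllPasswords`, the accounts and the passwords are hypothetical.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
// Constructed demo; every name and password below is hypothetical.
var server = new AppServer();
server.AddAccount("admin", "constructed-admin-pw", "admin");
server.AddAccount("manager", "constructed-manager-pw", "user");

// Honest client: the server verifies the password and decides the role.
string? managerToken = server.Login("manager", "constructed-manager-pw");
Console.WriteLine($"manager allowed: {server.ResetAllPasswords(managerToken)}");

// Patched client: it ignores what was typed and claims "admin" locally,
// but without the admin password the server issues no session for it.
string? patchedToken = server.Login("admin", "any password");
Console.WriteLine($"patched client allowed: {server.ResetAllPasswords(patchedToken)}");

sealed class AppServer
{
    private sealed record Account(byte[] Salt, byte[] Hash, string Role);
    private readonly Dictionary<string, Account> _accounts = new();
    private readonly Dictionary<string, string> _sessions = new(); // token -> user

    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    public void AddAccount(string user, string password, string role)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        _accounts[user] = new Account(salt, Derive(password, salt), role);
    }

    // Credentials are checked on the server; the client only gets an opaque token.
    public string? Login(string user, string password)
    {
        if (!_accounts.TryGetValue(user, out var account)) return null;
        byte[] candidate = Derive(password, account.Salt);
        if (!CryptographicOperations.FixedTimeEquals(candidate, account.Hash)) return null;
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _sessions[token] = user;
        return token;
    }

    // The role comes from server-side session state, never from a client-built principal.
    public bool ResetAllPasswords(string? token) =>
        token is not null && _sessions.TryGetValue(token, out var user)
        && _accounts[user].Role == "admin";
}
```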