As written, I do think that's naive. Being sure the person/browser is authorized doesn't mean that the signals you get are actions they intended.

Suppose that in normal use a user can visit a certain URL which triggers a dangerous effect. An attacker could trick the user into performing the action by presenting a link to them titled "click here for free stuff."

There are various ways to protect against that (e.g. CORS, not using GET methods) but backend cloud credential management does not give it to you for free.

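The point in the comment above, as an added example that is not part of the thread: a valid session cookie tells the server who the browser belongs to, not whether the request was intended. The handler names, the session store and the record store are constructed for illustration; a cross-site page can get the browser to issue the GET (an image tag, a link titled "click here for free stuff") and the browser attaches the victim's cookie. The hardened version applies the two mitigations the comment mentions, no state change on GET and a per-session token the foreign page cannot read.

```python
"""Added example: an authenticated session does not prove intent (CSRF).
Minimal request handling with no web framework; requests are plain dicts."""
import hmac
import secrets

# Constructed sample state: one logged-in admin session and one record.
SESSIONS = {"sess-admin": {"user": "alice", "csrf": secrets.token_hex(16)}}
RECORDS = {"42": "prod-db-config"}


def vulnerable_handle(req, records):
    """Destructive action on GET, authorized by the session cookie alone.
    Anything that makes alice's browser load /delete?id=42 fires it."""
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401, "login required"
    if req["method"] == "GET" and req["path"] == "/delete":
        records.pop(req["query"].get("id"), None)
        return 200, "deleted"
    return 404, ""


def hardened_handle(req, records):
    """Same action, but state changes only on POST, and the form must carry
    the per-session CSRF token. A page on another origin can trigger the
    request but cannot read the token (same-origin policy), so it fails."""
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401, "login required"
    if req["path"] == "/delete":
        if req["method"] != "POST":
            return 405, "method not allowed"
        token = req.get("form", {}).get("csrf", "")
        if not hmac.compare_digest(token, sess["csrf"]):
            return 403, "bad csrf token"
        records.pop(req["form"].get("id"), None)
        return 200, "deleted"
    return 404, ""


def demo():
    """Run the same forged requests against both handlers.
    Returns {scenario: (status, record_still_present)}."""
    # Browser adds the session cookie to every request to this site,
    # including ones a hostile page caused it to send.
    attacker_get = {"method": "GET", "path": "/delete", "query": {"id": "42"},
                    "cookies": {"sid": "sess-admin"}}
    # Auto-submitted cross-site form: right method, no token.
    attacker_post = {"method": "POST", "path": "/delete", "form": {"id": "42"},
                     "cookies": {"sid": "sess-admin"}}
    # Form rendered by the admin site itself, so it carries the token.
    legit_post = {"method": "POST", "path": "/delete",
                  "form": {"id": "42", "csrf": SESSIONS["sess-admin"]["csrf"]},
                  "cookies": {"sid": "sess-admin"}}

    out = {}
    recs = dict(RECORDS)
    out["vuln_get"] = (vulnerable_handle(attacker_get, recs)[0], "42" in recs)
    recs = dict(RECORDS)
    out["hard_get"] = (hardened_handle(attacker_get, recs)[0], "42" in recs)
    out["hard_forged_post"] = (hardened_handle(attacker_post, recs)[0], "42" in recs)
    out["hard_legit_post"] = (hardened_handle(legit_post, recs)[0], "42" in recs)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Nothing here involves the backend's IAM or database grants: the Lambda's narrow permissions bound what the admin session can reach, but every request in `demo()` is made with the admin's own cookie, so the backend sees an authorized caller either way. The `hmac.compare_digest` call is a constant-time comparison; `SameSite` cookie attributes and checking the `Origin` header are additional layers not shown.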
And that same user is already trusted to have admin access to the entire organizational AWS credentials - I did say it was an internal management site.

The lambda itself only has limited permissions to the backend. The user can’t do anything if the lambda only has permission to one database and certain rights to those tables, one S3 bucket, etc.

Heck, with Postgres on AWS you can even restrict a Cognito user to only have access to rows based on the logged-in user.

And the database user it’s using only has the minimum access needed to perform certain operations.

Did you mean to reply to someone else? This seems awfully defensive for a reply to parent’s comment.
It wouldn't prevent the admin page from exfiltrating data, though, right? Like, POSTing whatever data is loaded on the page to an arbitrary attacker controlled website.
That would require the logged-in user to do something stupid. That’s like saying what’s to prevent the authorized user from emailing his credentials to a random person.