I have an web application (Java-html5/js) which runs on our servers that is accessed simply by its URL, no login options or checks. I have been asked to secure it, but I have no access to its source code and I have not managed to contact the developer behind it. It is widely being used on the company, so there is no option to shut it down. The other applications on the network require authentication, so I can use those credentials for this app as well, by redirecting him from a another page. But once he logins, how can I stop him from just accessing the actual unsecured url?
Aucun commentaire:
Enregistrer un commentaire