I want to add a 'doppelganger' function to a website for debugging purposes. By doppelganger, I mean an authenticated user can enter another username and thereon the website will treat the authenticated user as the entered user in every way.
For example, a user has an issue adding comments to a blog. A developer would enter the user's username and the website would let the developer try to comment as that user to try to replicate the issue.
Assuming I trust the authenticated user to use the tool properly, are there any security issues I should consider?
Assuming the tool is secure, are there any ethical issues that I should consider?