[SERVER-69957] Test commands using a faked security token of a tenant and check that the requests cannot access the tenant's data. Created: 25/Sep/22  Updated: 15/Mar/23  Resolved: 15/Mar/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Sophia Tan Assignee: [DO NOT USE] Backlog - Server Serverless (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Serverless
Participants:

 Description   

We need add some test cases to validate a faked security token cannot access the tenant's data.

A faked security token has a valid user name, db and tenant id but the sign is not valid. 



 Comments   
Comment by Janna Golden [ 15/Mar/23 ]

This work would be better handled in the [Signature Validation for Security Tokens in Serverless|PM-2609] project.

Generated at Thu Feb 08 06:14:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.