none
Security flaw-To use CSOM/Javascript code for Custom Office365(Sharepoint Online) application RRS feed

  • General discussion

  • Hi,

    I've developed custom application in Office365(Sharepoint Online) using CSOM/Javascript. Security team from client side has been reported one major issue to the our application that any end user can comment our CSOM/Javascript code and bypass the validation  or can update / insert into sharepoint list item using developer tool/ Console in Google Chrome(F12 Key).

    Also end user can write his own separate code in console of Google Chrome (Developer Tool / F12) and can update / insert  into Sharepoint List.

    Note:- End user has Add, Edit, View permission on all Sharepoint List.

    This is one major security flaw of the Sharepoint/Office365 to use CSOM /Javascript for writing code, to overcome this issue could you please provide me some solution.
    Your help would be greatly appreciated!!!  
    Looking for reply.


    Thanks,
    Mahesh Sherkar
    Web: http://Mahesh-Sherkar.com
    Email: mahesh.sherkar@gmail.com




    Thursday, April 23, 2015 6:19 AM