Thursday 15 May 2014

api - Shopify Rails App - Querystring Spoofing


I am developing a Shopify application with Rails, and it uses the query string to find out which store is accessing it. It looks insecure because users can change the URL to enter somebody else's settings.

Here's an example:

I click on the Priority link in my app, get redirected, and get a page of the settings related to the store: example.myshopify.com

What is there to prevent the user from changing that customization and entering a store they do not own themselves?

Should I use an authentication gem and, to prevent spoofing attacks, should each user create a username and password?

Interesting. There was a live production Shopify store app that did what you did. When I got an app like this, I informed Shopify and they immediately wrapped the app developer. He learned his lesson very quickly and, hopefully, was very embarrassed.

The Shopify Partner Account (free to acquire) provides you with a good API token and a related secret for your app, which you can use to ensure that the merchants who are trying to access the app:

  • are actually a store that installs your app, and
  • have the right to use your app

    You really want this It must out.
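
One way to do the check the answer describes, as an added Ruby example that is not from the original post or from Shopify's own code: verify a signature over the query string with the app secret, then keep the verified shop in the server-side session instead of reading it from the URL. It assumes the request carries an `hmac` parameter computed as HMAC-SHA256 (hex) over the other parameters, sorted and joined as `key=value` pairs; confirm the exact scheme against Shopify's current documentation. `APP_SECRET`, the helper names and the sample values are constructed.

```ruby
require "openssl"
require "uri"

# Constructed placeholder; a real app reads its secret from server-side config.
APP_SECRET = "constructed-example-secret"

# Canonical message: every parameter except the signature itself,
# sorted by key and joined as key=value pairs (assumed scheme).
def canonical_message(params)
  params.reject { |k, _| k == "hmac" }
        .sort
        .map { |k, v| "#{k}=#{v}" }
        .join("&")
end

def sign(params, secret = APP_SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, canonical_message(params))
end

# Constant-time comparison, so the check does not reveal how much of a
# guessed signature was correct. (Rails ships an equivalent helper.)
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the verified shop domain, or nil when the query string is
# unsigned, modified, or names something that is not a myshopify.com host.
def verified_shop(query_string, secret = APP_SECRET)
  params = URI.decode_www_form(query_string).to_h
  given = params["hmac"]
  return nil if given.nil? || given.empty?
  return nil unless secure_equal?(sign(params, secret), given)
  shop = params["shop"].to_s
  shop.match?(/\A[a-z0-9][a-z0-9-]*\.myshopify\.com\z/) ? shop : nil
end

# Settings pages take the shop from the session, which is only ever
# written from a verified request; a bare ?shop= value is never trusted.
def shop_for_request(session, query_string)
  shop = verified_shop(query_string)
  session[:shop] = shop if shop
  session[:shop]
end
```

With this in place, editing the `shop` value in the URL either fails verification or is ignored in favour of the shop already bound to the session.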
