human

7y

I created a custom interface for an LMS that allows students to see their marks even if they haven't been 'shared' yet by their teachers. This is all done without accessing any unauthorized apis, as the LMS always returns all student marks and then hides the ones with a False 'shared' key. School administration caught me, so I've now shut it down. I have a meeting with the deans tomorrow. Any advice? (Again, this is all done using existing methods found within this LMS)

undefined

lms

caught

exploit

school

Ranter

Comments

1

Devintrix

4365

7y

Play it down, you only thought you were using "available" interactions and not trying to "exploit" anything. Making something convenient, use that you masked then stopped it as part of the defense to back that.
1

Devintrix

4365

7y

Under no circumstances should you do what I did and tell them to secure their shit better
1

human

230

7y

@Devintrix haha
2

Tored

468

7y

Say that you wanted to make a cooler UI, but you didn't know how to hide the not shred ones, as you are (of course) only experienced in UI design :D
0

commanderkeen

2091

7y

"School administration caught me" - well I'd say you caught them. Just don't tell them that. You should've emailed them about there bad architecture instead of making a cool ui if you did not want the possibility of trouble...

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service