Azure DocumentDb continuation token -
i'm using continuation token iterate on result set in documentdb fine, intention expose continuation token , min/max page on rest api via hateoas links user can run through of results. there potential security risk returning continuation token or page ids? should obfuscate them? prefer keep session state in cosmos db , not have store results somewhere else pagination.
is there potential security risk returning continuation token or page ids?
in view, exposing continuation token can not cause security issues. continuation token differs authorization token, continuation token returned query when there additional results aside returned in response, clients resume query execution using continuation token previous query additional results, , continuation token returned previous query cannot used different query. if client continuation token not have valid authorization token , not know query, client can not results via continuation token.
Comments
Post a Comment