Closed Bug 956795 Opened 12 years ago Closed 12 years ago

[IARC] developer can game the content rating by re-using a submission ID/security code pair from another app

Categories

(Marketplace Graveyard :: Developer Pages, defect, P2)

Product:
Marketplace Graveyard
Component:
Developer Pages
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
2014-01-14

People

(Reporter: kngo, Unassigned)

References

Details

STR: 1. Get a content rating for an app, and receive a submission ID ("123") and security code ("bar"). 2. Go to the Edit Content Rating page for another app. 3. Submit "123"/"bar" in the submission ID/security code form. Expected: Does not work because the content rating was for a different app. Actual: Works since the submission ID/security code pair is globally valid. Solution Needed: Have a way to uniquely identify apps by sending an identifier to IARC and having the identifier sent back for us to perform a validation check.
Blocks: 929812
Priority: -- → P2
Target Milestone: --- → 2014-01-14
Does this actually block 929812? We don't have a quick fix or answer for this and it will take time to address. This also will cause problems for apps submitted through a different storefront than Mozilla.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.