Closed Bug 956795 Opened 10 years ago Closed 10 years ago

[IARC] developer can game the content rating by re-using a submission ID/security code pair from another app

Categories

(Marketplace Graveyard :: Developer Pages, defect, P2)

Product:
Marketplace Graveyard
Component:
Developer Pages
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
2014-01-14

People

(Reporter: kngo, Unassigned)

References

Details

STR:

1. Get a content rating for an app, and receive a submission ID ("123") and security code ("bar").
2. Go to the Edit Content Rating page for another app.
3. Submit "123"/"bar" in the submission ID/security code form.

Expected:

Does not work because the content rating was for a different app.

Actual:

Works since the submission ID/security code pair is globally valid.

Solution Needed:

Have a way to uniquely identify apps by sending an identifier to IARC and having the identifier sent back for us to perform a validation check.
Blocks: 929812
Priority: -- → P2
Target Milestone: --- → 2014-01-14
Does this actually block 929812?  We don't have a quick fix or answer for this and it will take time to address.  This also will cause problems for apps submitted through a different storefront than Mozilla.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.