Web app accessible to everyone on a random day?

  • I need to jot down debugging steps for below scenario : "You are hosting a web app in your server which is accessible only to a particular set of people. But on an unusual day, all the people are able to access your web app. How would you troubleshoot this issue?"

    I can make some assumptions for example : 1. Auth API might be down. 2. Auth API returning incorrect response for unauthorized users. 3. Web app not maintaining session based on auth API response.

    What all other debugging steps should we perform on this scenario ?

  • Clearly an interview question.
    I will give you some pointers. You will need to both investigate and expand on them.

    • App change
    • Hacker change
    • Network changes
    • Webserver date issue
    • Security rule changes
    • Timezone/DST issues
    • Leap Year calculation issue
    • Authentication change in app
    • Existing bug in authentication
    • Year start/end Date Boundary
    • External provider authentication broken
    • It is after 03:14:07 UTC on 19 January 2038
    • Natural Disaster causing failover to unsecure setup

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2