Zimbalwa izinsuku ezedlule ukuba sengozini kudalulwe endaweni yesikhulumi esithandwayo e-inthanethi yeCoursera futhi ukuthi inkinga ayenayo yayiku-API, ngakho-ke kukholakala ukuthi kungenzeka ukuthi abaduni babehlukumeza ubungozi "BOLA" ukuqonda izinketho zezifundo zabasebenzisi, kanye nokuphikisa izinketho zezifundo zomsebenzisi.
Ngaphezu kwalokho, kukholelwa nokuthi ubungozi obusanda kuvezwa bungadalula idatha yomsebenzisi ngaphambi kokulungiswa. Lezi amaphutha atholakale ngabaphenyi abavela inkampani yokuhlola ukuphepha kwesicelo Ukuhlola futhi ishicilelwe evikini elidlule.
Ukuba sengozini iphathelene nezinhlobonhlobo zezinhlelo zokusebenza ze-Coursera zokufaka izinhlelo futhi abacwaningi banquma ukungena ekuvikelekeni kwe-Coursera ngenxa yokwanda kwayo ngokushintshela emsebenzini nasekufundeni nge-inthanethi ngenxa yobhadane lwe-COVID-19.
Kulabo abangajwayelene ne-Coursera, kufanele wazi ukuthi le yinkampani enabasebenzisi abayizigidi ezingama-82 futhi esebenza nezinkampani namanyuvesi angaphezu kwama-200. Ubudlelwano obaziwayo buhlanganisa i-University of Illinois, iDuke University, iGoogle, i-University of Michigan, i-International Business Machines, i-Imperial College London, iStanford University kanye ne-University of Pennsylvania.
Izinkinga ezahlukahlukene ze-API zitholakele kufaka phakathi ukubalwa komsebenzisi / i-akhawunti ngesici sokusetha kabusha iphasiwedi, ukushoda kwezinsizakusebenza kukhawulela kokubili i-GraphQL API ne-REST, nokulungiswa okungalungile kwe-GraphQL. Ikakhulu, inkinga yokugunyazwa kwento ephukile ibeka phezulu kohlu.
Lapho sisebenzisana nesicelo sewebhu se-Coursera njengabasebenzisi abajwayelekile (abafundi), siqaphele ukuthi izifundo ezisanda kubukwa zikhonjisiwe kusixhumi esibonakalayo somsebenzisi. Ukumela lolu lwazi, sithola izicelo eziningi ze-API GET endaweni yokugcina efanayo: /api/userPreferences.v1/ [USER_ID-lex.europa.eu~[PREFERENCE_TYPE}.
Ukuba sengozini kwe-BOLA API kuchazwa njengezintandokazi zomsebenzisi ezithintekile. Ukusizakala ngokuba sengozini, ngisho nabasebenzisi abangaziwa bakwazi ukubuyisa okuncamelayo, kodwa futhi bakushintshe. Okunye okuncamelayo, okufana nezifundo ezisanda kubukwa kanye nezitifiketi, nakho kuhlunga imethadatha ethile. Amaphutha we-BOLA kuma-API angaveza amaphuzu wokugcina eziphatha okokuhlonza into, ezingavula umnyango wokuhlaselwa okubanzi.
“Lokhu kuba sengozini kwakungasetshenziswa kabi ukuze kuqondwe izinketho zabasebenzisi abajwayelekile ngezinga elikhulu, kodwa futhi nokuphambukisa ukukhetha kwabasebenzisi ngandlela thile, njengoba ukukhohliswa komsebenzi wabo wakamuva kuthinta okuqukethwe okwethulwe ekhasini lasekhaya i-Coursera ngokukhethekile umsebenzisi, ”kuchaza abacwaningi.
Ngeshwa, izinkinga zokugunyazwa zivame kakhulu kuma-API, "kusho abacwaningi. “Kubaluleke kakhulu ukufaka ukuqinisekiswa kokulawulwa kokufinyelela endaweni eyodwa, kuhlolwe kahle, kuhlolwe ngokuqhubekayo futhi kugcinwe kahle. Izindawo zokugcina ze-API ezintsha, noma izinguquko kulawa akhona, kufanele zibuyekezwe ngokucophelela ngokuhambisana nezidingo zawo zokuphepha. "
Abaphenyi baqaphele ukuthi izinkinga zokugunyazwa zivame kakhulu kuma-API nokuthi ngenxa yalokho kubalulekile ukuqinisa ukuqinisekiswa kokulawulwa kokufinyelela. Ukwenza kanjalo kufanele kwenziwe ngento eyodwa, ehlolwe kahle, futhi eqhubekayo yokulungisa.
Ukuba sengozini okutholakele kwalethwa kuthimba lezokuphepha likaCursera ngo-Okthoba 5. Isiqinisekiso sokuthi inkampani yawuthola lo mbiko futhi iyawusebenza safika ngo-Okthoba 26, uCursera wabe esebhala uCherkmarx ethi bazisombulule izingqinamba ngoDisemba 18 kuya kuJanuwari 2 kanti uCursera wabe esethumela umbiko wokuhlolwa okusha okunenkinga entsha. Ekugcineni, NgoMeyi 24, uC Coursera wakuqinisekisa ukuthi zonke izingqinamba zilungisiwe.
Naphezu kwesikhathi eside impela kusuka ekudalulweni kuya ekuqondisweni kokulungiswa, abacwaningi bathi ithimba lezokuphepha laseC Coursera liyintokozo ukusebenzisana nalo.
“Ubuchwepheshe nokusebenza kwabo ngokubambisana, kanye nobunikazi obusheshayo abakucabangayo, yilokho esikubheke ngabomvu lapho sihlangana nezinkampani zama-software,” kuphetha bona.
Umthombo: https://www.checkmarx.com