Hello all,
I am working on a project which is using the SmartClient framework on the front end, and we are actually having a security issue.
We are using a generic PHP page to handle calls between the client side and the database.
The problem is that when we POST data to the PHP file, all the data are exposed to the client, so they can easily understand how it works, manipulate data and post.
My customer wants to remove the SmartClient framework because of this, but I am sure there is another way to communicate with a MySQL database without exposing the POST data to the user.
I read the documentation but didn't find anything. Is there any way to fix my problem without having to change the whole application?
My client actually has a license with you guys; I can provide it if needed.
This is the syntax we are using in each asc.RestDataSource.Create controller:
Thanks for your help,
Code:
operationBindings: [
    { operationType: "fetch", dataProtocol: "postXML" },
    { operationType: "add", dataProtocol: "postParams" },
    { operationType: "remove", dataProtocol: "getParams" },
    { operationType: "update", dataProtocol: "postParams" }
],
disableQueuing: true,
fetchDataURL: "data/db.php",
addDataURL: "data/db.php",
updateDataURL: "data/db.php",
removeDataURL: "data/db.php"
});