
    tools security & 'DataSources' tab

    SmartClient Version: v11.0p_2016-06-10/EVAL Development Only (expires 2016.08.09_04.37.32) Licensed to: Isomorphic Software (#ISC_EVAL_NIGHTLY)

    Hello, in my deployment I've protected the /tools path so that it's accessible for admins only.
    The result is that the 'Server Logs', 'XML', and 'Admin Console' tabs are disabled.
    But the 'DataSources' tab remains active, and a non-admin user can fetch and modify data. How can I disable that feature?

    #2
    If your end users can fetch and modify data from DataSources in your application, they can do exactly the same things in the DataSources tab. It doesn't use any special privileges.

    If you're able to do something in that tab that you shouldn't be able to do, then you have a security flaw in your app you should fix.

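What restricting access in the application itself can look like, as an added example that is not part of the original thread: a DataSource descriptor using SmartClient Server's declarative security attributes (`requiresAuthentication`, `requiresRole`). The DataSource ID, table, fields and role names are hypothetical.

```xml
<!-- Added example; "customer", its table, its fields and the role names
     "staff" and "admin" are hypothetical. -->
<!-- requiresAuthentication: unauthenticated requests are rejected for
     every operation on this DataSource. -->
<DataSource ID="customer"
            serverType="sql"
            tableName="customer"
            requiresAuthentication="true">
    <fields>
        <field name="id"          type="sequence" primaryKey="true" hidden="true"/>
        <field name="name"        type="text"/>
        <field name="creditLimit" type="float"/>
    </fields>
    <operationBindings>
        <!-- Reads: allowed for users holding either listed role. -->
        <operationBinding operationType="fetch"  requiresRole="staff,admin"/>
        <!-- Writes: refused by the server unless the user holds "admin",
             whichever client screen issued the request. -->
        <operationBinding operationType="add"    requiresRole="admin"/>
        <operationBinding operationType="update" requiresRole="admin"/>
        <operationBinding operationType="remove" requiresRole="admin"/>
    </operationBindings>
</DataSource>
```

These checks run in the server's DataSource layer, so a request sent from the DataSources tab is held to the same rules as one sent from the application UI. By default, role membership is resolved through the servlet container (`isUserInRole`).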


      #3
      Thanks for the clarification.
      Actually it's a cool feature. I examined it with an admin role, so I got the wrong idea that it had the right to do anything.

