How to hide backend data from users on the frontend?

I had a user who reported a potential security issue in my app - he claimed that he saw backend data other than that being displayed on the browser.

Here’s an example to illustrate.

I have this data type X that currently all logged in users can “view all fields”.

Data type X
Field 1
Field 2
Field 3

Fields 1, 2, 3 are proprietary data that is used in some computation. The result of the computation is then shown on the browser.

The user claims that apart from the result, he also saw Fields 1, 2, 3 being sent to the browser.

Is that even possible? (I viewed the page source but couldn’t find anything.)

When I disabled “View all fields” for users, I’m not able to perform the computation.

How do I hide Fields 1, 2, 3 from the frontend user but still allow them to be used in a workflow?

P.S. Omg, I just realized I have loaded Fields 1, 2, 3 into custom states - that’s probably why! Does that mean sensitive info should not be used in custom states? Any workaround for this? Thanks!

Hi @jayy

That is totally correct. Custom states, Options lists, and Default DB Values are not something that should be used with sensitive data. Whatever you have that should be secured, you have to put into the database.

Cheers!

1 Like

Hi there, @jayy… if you don’t have the proper privacy rules in place, a tech-savvy user can use, for example, the developer tools in Chrome to see data you aren’t showing on the front end but that is still being returned from the server.

To the best of my knowledge, the best way to handle the situation you described is to hide the sensitive data via a privacy rule and use a backend workflow to access and manipulate that data while ignoring privacy rules on the backend workflow. I will be interested to see if someone comes along with another suggestion, but again, that is how I believe you need to handle this situation.

Hope this helps.

Best…
Mike

2 Likes
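The pattern described in the reply above, as an added example that is not part of the original thread and is not Bubble's own API: a plain JavaScript model of the difference between loading the raw record into client-side state and computing in a backend workflow behind a privacy rule. All names (`DB`, `PRIVACY_RULES`, `applyPrivacy`, `leakedFields` and the field values) are hypothetical and constructed for illustration.

```javascript
// Constructed sample record of "Data type X"; the values are made up.
const DB = { x1: { id: "x1", field1: 120, field2: 3, field3: 7 } };

// Privacy rule (model): fields of X a logged-in user may receive.
// An empty list corresponds to "view all fields" being switched off.
const PRIVACY_RULES = { X: { loggedIn: [] } };

// Every record bound for the browser passes through this filter.
function applyPrivacy(type, record, role) {
  const allowed = (PRIVACY_RULES[type] || {})[role] || [];
  return Object.fromEntries(
    Object.entries(record).filter(([k]) => k === "id" || allowed.includes(k)));
}

// Leaky pattern: the raw record is copied into client-side state and the
// computation runs in the browser, so all three fields cross the wire.
function leakyPageLoad(id) {
  const customState = { ...DB[id] };
  const result = customState.field1 * customState.field2 + customState.field3;
  return { sentToBrowser: { customState, result } };
}

// Hardened pattern: the backend workflow reads the record without privacy
// filtering, computes server-side, and returns only the result.
function backendWorkflowCompute(id) {
  const r = DB[id]; // never serialized to the client
  return { result: r.field1 * r.field2 + r.field3 };
}

function securePageLoad(id, role) {
  return {
    sentToBrowser: {
      record: applyPrivacy("X", DB[id], role),
      ...backendWorkflowCompute(id),
    },
  };
}

// Check a response payload for proprietary field names, the same thing a
// user would spot in the browser's network tab.
function leakedFields(payload, names = ["field1", "field2", "field3"]) {
  const wire = JSON.stringify(payload);
  return names.filter((n) => wire.includes(`"${n}"`));
}
```

Running `leakedFields` over each payload shows why the page source looked clean while the data was still exposed: the fields travel in the response body, not in the rendered markup.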

Thanks! Oh damn, I need to redo all my workflows.

Ye, been there - done that :wink:

Just don’t freak out and be realistic - there is no point in trying to uber-secure every tiny piece of stuff. So secure what really needs to be secured. Before I create a new data type I ask myself a question - what will happen if every person in the world knows it?

Is it a problem? Can that person do something with that? etc.

And then, based on that, either I go with a simple Options list or I burden myself and create a db table just for that piece of data.

1 Like
