Security of searches

Hi all -

I haven’t found explicit guidance on this topic, so I thought I’d ask the community.

Are searches secure vs. the threat of a user manipulating requests?

In other words, say for the sake of the argument that I decided that only a specific set of users could look at some Things where a specific date field was more than 1 month in the future. Can’t do that with privacy rules.

So, I can set up a search with a compound expression. Easy - (Things’s date more than 1 month in the future) or (user type is “special”).

Now here’s the deal: can this be modified client-side? Can a rogue client ask the server to return all Things, irrespective of that date filter?


Privacy rules

1 Like