Security considerations for user interface
This page covers security considerations when developing the user interface of an application.
Common mistakes
- Hiding fields by using sections

  Fields can be put on sections that are hidden to (some) users. The user is unable to see this field in this layout. Be aware that as long as no read permission has been set for this field, the user can still view this field through other means. They can for instance:
  1. Export the content of the 'hidden' field.
  2. Get the content of the 'hidden' field through the REST API, if this is configured.
  3. Search on this field if it is a secondary search field.

  In short, always configure read permissions properly. Never use sections to handle permissions.

- Hiding fields using a class template

  In case a class template is used to represent data, some fields can be omitted from the template. Users who view this template will not be able to see the contents of these fields. This is not a proper substitute for configuring read permissions. See point 1 for the possible ways users can circumvent this omission.

- Hiding fields using CSS

  Never do this! CSS only changes how the browser renders the page; the field's value is still sent to the client and can be read there, so it offers no protection at all.
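The following is an added illustration of the point above, not code from the platform this page documents: a small, constructed model in which a layout hides a field for one user group, while the export, REST and secondary-search paths consult only the server-side read permissions. All record data, field names and group names are made up for the example. With permissions left unconfigured (every field readable), the hidden field leaks through all three paths; with a read permission withheld, none of them expose it.

```python
"""Constructed example: layout hiding versus field-level read permissions."""
from dataclasses import dataclass

# Constructed sample data: 'salary' is the field the layout hides from staff.
RECORDS = [
    {"id": 1, "name": "Alice", "salary": 52000},
    {"id": 2, "name": "Bob", "salary": 61000},
]
# Assumption for the example: 'salary' has been made a secondary search field.
SECONDARY_SEARCH_FIELDS = {"name", "salary"}


@dataclass(frozen=True)
class Layout:
    """UI layout: fields on a hidden section are simply not rendered."""
    visible: frozenset


@dataclass(frozen=True)
class Permissions:
    """Server-side read permissions: user group -> fields it may read."""
    readable: dict


def readable_fields(group: str, perms: Permissions) -> frozenset:
    return frozenset(perms.readable.get(group, ()))


def render_form(record: dict, layout: Layout) -> dict:
    """What the user sees in the form; only the layout decides this."""
    return {k: v for k, v in record.items() if k in layout.visible}


def export_rows(group: str, perms: Permissions) -> list:
    """Export path: never looks at the layout, only at read permissions."""
    allowed = readable_fields(group, perms)
    return [{k: v for k, v in r.items() if k in allowed} for r in RECORDS]


def rest_get(record_id: int, group: str, perms: Permissions) -> dict:
    """REST path: same permission check, no layout involved."""
    allowed = readable_fields(group, perms)
    record = next(r for r in RECORDS if r["id"] == record_id)
    return {k: v for k, v in record.items() if k in allowed}


def search(field_name: str, value, group: str, perms: Permissions) -> list:
    """Secondary-search path: refuses fields the group may not read, so a
    user cannot probe a hidden field's value with search queries."""
    if field_name not in SECONDARY_SEARCH_FIELDS:
        return []
    if field_name not in readable_fields(group, perms):
        return []
    return [r["id"] for r in RECORDS if r[field_name] == value]


def leak_paths(field_name: str, layout: Layout, group: str,
               perms: Permissions) -> list:
    """Which paths expose a layout-hidden field? An empty list means none."""
    if field_name in layout.visible:
        return []  # not hidden by the layout in the first place
    paths = []
    if any(field_name in row for row in export_rows(group, perms)):
        paths.append("export")
    if field_name in rest_get(1, group, perms):
        paths.append("rest_api")
    if search(field_name, RECORDS[0][field_name], group, perms):
        paths.append("search")
    return paths


# The staff layout hides 'salary' in both configurations below.
STAFF_LAYOUT = Layout(visible=frozenset({"id", "name"}))
# Mistake: read permissions never configured, so every field stays readable.
SECTION_ONLY = Permissions(readable={"staff": {"id", "name", "salary"}})
# Correct: read permission on 'salary' withheld from staff, granted to HR.
PROPER = Permissions(readable={"staff": {"id", "name"},
                               "hr": {"id", "name", "salary"}})

if __name__ == "__main__":
    print(render_form(RECORDS[0], STAFF_LAYOUT))  # salary hidden either way
    print(leak_paths("salary", STAFF_LAYOUT, "staff", SECTION_ONLY))
    print(leak_paths("salary", STAFF_LAYOUT, "staff", PROPER))
```

Running it shows that the form looks identical in both configurations, which is exactly why the mistake goes unnoticed: only `leak_paths` reveals that the section-only setup exposes the field through export, the REST API and search, while the permission-based setup exposes it through none of them.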