No announcement yet.

Security bug?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Security bug?

    I've finished todevelop my application,
    I'm using the security module,
    After the login I use 'select xxxxx from xxxx where user = 'xxxx' so every user only can see their own records

    I am so worried because of the following:

    In the login form I store the login name in a session variable, after cheking that the password is correct, that works with no problem
    After login in everything works fine,

    The problem is when the user access directly to the URL application istead of the login form
    Normaly: login -> menu -> Aplication X

    What user does, is access directly toAplication X,writting it directly in the URL or from his 'favourites' witout executing the login form
    Because there is a global variable there in the OAplicationInit event, SC see that this global variable is not set, and AUTOMATICALLY open a screen to allow the user to enter it and ask it in a screen, so everyone can put there the login without entering the password,

    I am very worried about it,

    Can anybody helpme?

  • #2
    Re: Security bug?

    hi, i am not an expert on SC, but i believe you are seeing the variable input box which you can see when developing. make sure that particular application has security set true in the settings. you should not get that input when deployed, if all apps are set correctly. you are correct to have found that with your testing. perhaps someone with more experience here can tell you exactly what to do.
    peace, Jamie


    • #3
      Re: Security bug?

      Thank you very much,
      Next few days I will test in a real environment