Security configuration in applications

Use security

With this option enabled, when accessing the application, an “unauthorized user” message will be displayed, preventing access to the application. Example of access with the security option active

When enabled, application access is only possible through the macro sc_apl_status or through security module.

Click here to access the macro documentation sc_apl_status.

In the development environment, the use of the above options for testing purposes may be suppressed, preventing the password being requested or access being blocked at each execution of the applications. To do this, disable the options “Enable security usage” and “Enable password usage” in the menu Configuration > My Scriptcase.

Security exit url

Defines which application the user will be redirected to after the “unauthorized user” warning.

Definition of the exit application.

Use password

When enabling the option, you will be asked to define a password for accessing the application.

Definition of the exit application.

When running the application using the active password, you will be asked for the password before accessing the application.

Definition of the exit application.

The password will be requested regardless of the “use security” setting or the use of the security module.

Request password only once

This option defines the behavior of the use password option.

When this option is enabled, the password will be requested only once per session.

When disabling, the password will be requested every time the application will be accessed.

Allow direct calling by URL

Allows an application to be called by typing the URL directly into browsers.

When disabled, when accessing the application by typing the URL directly, the invalid data error will be displayed. With this configuration, the application can only be accessed through a menu application, for example.

Definition of the exit application.

Enable CSRF

With this option enabled, the scriptcase prevents a malicious attack on a page where unauthorized commands are transmitted through a user the page trusts.

These attacks are known as a “Cross-Site Request Forgery” attack.