Reactive - Security Warning: You're exposing a Server Action for public access
Question
Application Type: Reactive
Service Studio Version: 11.10.1 (Build 35288)

Hi,

I am getting a Security Warning as below:

"You're exposing a Server Action for public access and without authentication. Consider removing the Anonymous Role from this Screen."

I am getting the above warning for the screen that I want to be accessible to Anonymous users also. Hence I can't uncheck the screen. How do I get rid of this warning?



Thanks

MVP, Rank: #72

Hi Rohan,

There is not really a way to get rid of the warning other than hiding it by right-clicking the warning and selecting "Hide Warning".

Since your screen has the Anonymous Role checked, it means that the REST service that will be generated by the platform for your exposed Server Action will also not have any Authentication enabled for it.

Make sure to read the Reactive web security best practices.

Regards,

Nordin

MVP, Rank: #72

It seems wrapping the Server Action in a Client Action will get rid of the warning, but afaik the generated REST service will still be exposed without Authentication.

https://www.outsystems.com/forums/discussion/56039/security-warning-when-using-server-actions-on-pages-that-allows-anonymous-access/

Regards,

Nordin