Goodday all ,
I got a warning that I am exposing a server action to the public.
I then
1.Called my screen action that gets user input from a widget
2. Called a Client action receiving user input and assign input to variable and also generating variable "X" (with JavaScript)
3. Call a Server action receiving Client action variables
4. Server action interacts with the DB
Now the warnings are gone.
I Just want to confirm by you pro's if this is now more secure to attacks or intercepting the variable "X" in Client Action.
Thank you ,
Jacques
Hi Jacques,
Here's some forum threads that may explain what your asking:
https://www.outsystems.com/forums/discussion/56039/security-warning-when-using-server-actions-on-pages-that-allows-anonymous-access/
and
https://www.outsystems.com/forums/discussion/66824/reactive-security-warning-youre-exposing-a-server-action-for-public-access/
Here's also OutSystems documentation about security for reactive: https://success.outsystems.com/Documentation/Best_Practices/Security/Reactive_web_security_best_practices
Cheers!