When we check the data fetch actions' payload in the Network section, we noticed that all screen variable values are being included in the Request Payload. This is the same even when the server Data Action being called has no use for any of this data. For example, I have a "Fetch from other data sources" that simply returns a site parameter value, but when I look at the DataAction request/response in Dev Tools I'm seeing all of the screen variables included in the request. Is there any solution so that we can encrypt on the client side, so it is not visible in the payload?
Here I am passing an input parameter (e.g. userName) to the Encryption action, but it should not be visible in the payload, or it should be encrypted. Please help me with this.
Hi Sudarshan,
I think this is a known problem with Reactive (or not a problem, depending on how you look at it). For one, the value of all Screen Variables can be inspected client-side by using the browser's dev tools. It's not only in the Network tab that you can see them, so the fact that they're sent to the server isn't a problem in that respect. Secondly, server-side there's no way to effectively inspect unused client variables, so there's also no security problem there. The only downside to sending all the client variables is performance, but limiting the number of client variables is a good practice anyway.
Encrypting it client side will be pure "security theater". Any data on the client side would be visible before you encrypt it. The only way to have data be 100% secure on the client is to encrypt it on the server *before sending it to the client*. And that means it can never be used by the client, except to send it back to the server.
J.Ja
If your concern is limited to exposing that sensitive data on the network, this article might help. Do note, though, that even with encryption on the client, the data can still be intercepted, as Justin and Kilian mentioned.
If you need more than this client-server encryption, which I have experienced with some banking customers, you might consider AppShield, one of whose major features is code obfuscation. This comes with an additional cost.
John