I have module A as the end-user module and module B as the service module. Module B has all my server actions, and module A has the screens.
Under each screen, I have been using data actions for the screen data. We are not using OutSystems users; we have our own separate user database,
so we need the Anonymous role checked. Using a server action from module B gives me the security warning below. Is there any solution for this?
Security Warning: You're exposing a Server Action for public access and without authentication. Consider removing the Anonymous Role from this Screen.
Hi @Sayyad Papamiya,
Please check this link:
https://success.outsystems.com/documentation/best_practices/security/reactive_web_security_best_practices/
or
https://www.outsystems.com/forums/discussion/66824/reactive-security-warning-youre-exposing-a-server-action-for-public-access/
Hope this helps you!!
Regards,
Rajat
Hi @Sayyad Papamiya
There is one option to achieve this requirement:
Approach: You can create a Service Action in module B and call the server actions in this Service Action.
Like this:
And call this Service Action in module A like this:
Note: You can only resolve the warning, and it is not a best practice suggested by OutSystems.
Thanks
Md Mansur
@Md Mansur,
Using a service action where you would normally use a server action, just to make the warning disappear, is not a good plan / advice.
@Sayyad Papamiya,
If you deliberately choose to have all your screens open to Anonymous, then that warning is a consequence. It is there to warn you about the vulnerability; your goal should not per se be to make the warning go away but to mitigate the vulnerability.
What do you put in place to make sure (parts of) your application isn't used by unauthorized users?
Dorine