Hello Experts,
In my application I have shown user information on the dashboard screen. I have shown four columns in the table on the screen. I have used the user table in the aggregate, which contains the password as well. Will it cause any security issue? Is it possible to manipulate the password from the dashboard screen even if it is in hash? Important: I have not used the password column in the table. Will the aggregate still fetch the password data for that specific column inside the aggregate or not? Please share your thoughts on the same to improve the security of the application. Please find the attached snapshot as a sample page.
Thanks in advance.
Hi Ajit,
It will not fetch the value of the password column if it is not used anywhere on the screen. You can also verify it using the inspect Network tab as shown below. Password will be "" always.
Regards,
Krishnanand Pathak
How can I check the payload and response parameters ?
You can do that in the DevTools of the browser.
Open inspect -> Network tab -> search with aggregate or action name -> select the action -> select response or payload tab or any other tab. If you don't see any action in the Network tab, then just refresh the screen without closing the inspect tool. You can take reference from the screenshot below.
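The Network-tab check described above can be repeated on a copied response body. The following is an added example, not part of the original thread and not OutSystems code: it walks the JSON and flags any sensitive-looking key whose value is not empty. The key pattern, the function names and the sample response shape are assumptions made for illustration.

```javascript
// Key names treated as sensitive (assumed pattern; adjust to your entity attributes).
const SENSITIVE_KEY = /pass(word|wd)?|secret|token|hash|salt/i;

// Recursively walk a parsed JSON value and collect every sensitive-looking
// key that carries a non-empty scalar value. Only the path and the value's
// length are recorded, so the audit output never repeats the secret itself.
function findExposedFields(value, path = "$", findings = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findExposedFields(item, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      const isLeaf = child === null || typeof child !== "object";
      if (isLeaf && SENSITIVE_KEY.test(key) && child !== "" && child !== null) {
        findings.push({ path: childPath, length: String(child).length });
      }
      findExposedFields(child, childPath, findings);
    }
  }
  return findings;
}

// Audit a response body pasted from the DevTools "Response" tab.
function auditResponseBody(bodyText) {
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (err) {
    return { ok: false, error: "not JSON", findings: [] };
  }
  const findings = findExposedFields(parsed);
  return { ok: findings.length === 0, error: null, findings };
}

// Constructed sample bodies (not real platform output): one where the unused
// Password attribute comes back empty, and one where a hash is sent to the client.
const SAFE_BODY = JSON.stringify({
  data: { List: [{ User: { Id: 1, Name: "Alice", Email: "alice@example.com", Password: "" } }] },
});
const LEAKY_BODY = JSON.stringify({
  data: { List: [{ User: { Id: 1, Name: "Alice", Email: "alice@example.com", Password: "CONSTRUCTED_HASH_VALUE" } }] },
});

console.log(auditResponseBody(SAFE_BODY));  // ok: true, no findings
console.log(auditResponseBody(LEAKY_BODY)); // ok: false, one finding
```
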
Hi @Ajit Kurane
To enhance your application's security, you can also use an advanced query which will return only the columns you need to use in your screen, implement proper authentication and authorization, and consider data encryption for the passwords.
Some links for you to read about these topics:
Advanced queries
Authentication vs. Authorization
Encrypt Password
Kind regards,
Tami