Restricting Developers from accessing tables of other applications

By Debasis Sahoo on 20 Sep 2017

It has been observed that developers can access the tables of other applications (where they do not have access) via writing sql statements in input parameters to advance query. This should have some sort of restriction to even view data. Issue stated here.

Kilian Hekhuis21 Sep 2017

In the post you link to, it is clear that this is database access via SQL, and tricking the platform at that. I don't think that can be prevented at all, without changing the way the Platform works.

Justin James21 Sep 2017

Sounds like the real problem is that you need to change your access so your untrusted developers cannot connect to environments that they should not have access to the data.


J.Ja