While working on a client's mobile project we discovered that a previous dev team had used certain server actions in client actions.
(In doing so, they are now treated and exposed as APIs by OutSystems, making them accessible from anywhere by anyone with a registered user cookie.)
These particular actions were built in a way that private information from other users could be retrieved by changing a simple parameter (which was immediately fixed and patched after discovery).
A team member mentioned an idea to more easily recognize potential data leaks like this: adding a visual indication somewhere (on the server action icon, or adding them to a list somewhere) showing which server actions are now exposed to the outside world by being used in client actions, and should be checked to make sure there are no data leaks.
Yes +1
Would be nice to have something that tells me that the action needs special attention.
Changed the category to Service Studio
Changed the category to Frontend and the status to
Hi Eric,
We are working on ways to make this more visible. We are also optimizing data transfer so that only the information needed is sent to the browser. We'll have more details about this soon.
Cheers,
Tiago Simões
Great news, Tiago.
I'll be looking forward to the fix.