
Indicate potential data leaks by indicating which server actions are used in client actions

Frontend
Working on it
expected delivery in Q2 2020


While working on a client's mobile project we discovered that a previous dev team had used certain server actions in client actions.

(In doing so they are now treated and exposed as APIs by OutSystems, making them accessible from anywhere by anyone with a registered user cookie.)

These particular actions were built in a way that private information from other users could be retrieved by changing a simple parameter (which was immediately fixed and patched after discovery).

An idea regarding this was mentioned by a team member, to more easily recognize potential data leaks like this: adding a visual indication somewhere (on the server action icon, or adding them to a list somewhere), showing which server actions are now exposed to the outside world by being used in client actions and should be checked to make sure there are no data leaks.



Created on 19 Aug 2019
Comments (4)

Yes +1

Would be nice to have something that tells me that the action needs special attention.

Changed the category to Service Studio


Changed the category to Frontend and the status to Working on it (expected delivery in Q2 2020)


Hi Eric,

We are working on ways to make this more visible. We are also optimizing data transfer so that only the information needed is sent to the browser. We'll have more details about this soon.

Cheers,
Tiago Simões

Great news Tiago.

I'll be looking forward to the fix.
