
Indicate potential data leaks by indicating which server actions are used in client actions

Service Studio
New


While working on a client's mobile project, we discovered that a previous dev team had used certain server actions in client actions.

(In doing so, they are now treated and exposed as APIs by OutSystems, making them accessible from anywhere by anyone with a registered user cookie.)

These particular actions were built in a way that private information from other users could be retrieved by changing a simple parameter (which was immediately fixed and patched after discovery).

An idea regarding this was mentioned by a team member, to more easily recognize potential data leaks like this: adding a visual indication somewhere (on the server action icon, or adding them to a list somewhere), showing which server actions are now exposed to the outside world by being used in client actions and should be checked to make sure there are no data leaks.



Created on 19 Aug (4 weeks ago)
Comments (2)

Yes +1

Would be nice to have something that tells me that the action needs special attention.

Changed the category to Service Studio

