Anonymous users can only change own data

Check ID

DOM_0003

Category

Security

Summary

Anonymous users should not be able to change any data in an app except for data that belongs to them. Without this restriction hackers can change the data of other users.

Options

This check does not have any options.

Pass

Anonymous users only have read/write access to entities that have the following XPath constraint: [System.owner='[%CurrentUser%]']

Fail

Anonymous users have read/write access to entities that are not constrained to themselves.

PreviousUse read only attributes in XPath constraints NextAnonymous users cannot change unlimited length strings

Last updated 1 year ago