Security issue! Make applications unreachable from outside

mirela · May 7, 2020, 7:48pm

When i try to access the menu.php file directly from the url bar, it shows me a message “unauthorised user” since i haven’t logged in. But when i try to access in the same way another file of the same project, i can open it right away! No login required! What i want is to protect all of my files, so outsides won’t be able to access them without preregistration. How can i do it? I tried to deploy each application apart and have them assigned the login app as the initial app, in the deploy process…but no luck!

What should i do??

Looking forward to a response…
All the best

aducom · May 7, 2020, 8:23pm

Afaik you must set the use authorisation flag on each application. If you have generated the security model you will find the access rights in the generated application. If you set the authorisation yourself then you must pass some kind of flag in the global variables to signal the the login is ok. I mostly use the generated application, but in those other circumstance I have code in the init phase of each application (except the logon) like:

if ([glob_session_ok]!=[glob_token]) { sc_redir(‘mylogon.php’); }

in the onvalidatesuccess event of the logon I set the tokenvalue.