Security Issue

Larryh1115 · May 7, 2020, 8:10pm

[TABLE=“class: nmTable form_tab_id_blk_lnk_opn_desktop_security, cellpadding: 0, cellspacing: 0, width: 1074”]
[TR]
[TD=“class: nmLineV3”]Enable direct call by URL[/TD]
[TD=“class: nmLineV3”] [/TD]
[TD=“class: nmLineV3”] Yes No[/TD]
[TD=“class: nmLineV3”] [/TD]
[TD=“class: nmLineDesc”]Allow an application to be called by typing the URL directly in the browsers.[/TD]
[/TR]
[/TABLE]

Assuming x2 applications each on a separate server (ie: x2 separate urls)
If you try to call app2 from server2 ie: sc_redir(www.server2,app2)
And app2 in security you changed the answer to No,
It is treated as if you are running the URL directly in the browser.
Why?
I am not running it directly in the browser, I’m running it internally from app1

klwillis · May 7, 2020, 9:28pm

Running your application across servers requires the target server to grant privileges to the first. This does not appear to be an issue with SC.

aducom · May 7, 2020, 9:04pm

It’s a very important feature and avoids a lot of security issues.The idea is that the called application ‘knows’ that it has been called from another application. That only works within the same server as it’s depending on sessions. You can’t pass a php session over to another php application on another webserver.