This is something we see more than we’d like, and it comes down to placing a little too much trust in your end users. In the WebApp Framework, you build your user interface by placing a number of Web Objects such as forms, buttons, etc. The catch is that hiding or disabling an object does not mean it is not there or that it is inaccessible. With some simple DOM manipulation or console magic, a malicious user can display information he’s not meant to see or perform actions he’s not allowed to perform.
This is why you should never rely solely on hiding or disabling certain elements of your interface. Instead, always make sure to perform the necessary checks on the server to see if the user is allowed to perform a certain action.
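The server-side check described above, as an added example in plain JavaScript rather than DataFlex. It is not code from the WebApp Framework; the session store, handler names and action names are all hypothetical.

```javascript
// Added illustration in plain JavaScript; not DataFlex or WebApp Framework code.
// All names (sessions, actions, handleUnsafe, handleChecked) are hypothetical.

// Server-side session store: the only trustworthy source of who the caller is.
const sessions = new Map([
  ["sess-clerk", { user: "clerk", rights: new Set(["viewOrder"]) }],
  ["sess-admin", { user: "admin", rights: new Set(["viewOrder", "deleteOrder"]) }],
]);

// Actions the server exposes, each with the right it requires.
const actions = new Map([
  ["viewOrder",   { requires: "viewOrder",   run: (id) => `order ${id} shown` }],
  ["deleteOrder", { requires: "deleteOrder", run: (id) => `order ${id} deleted` }],
]);

// Weak: trusts UI state echoed back by the browser. The client controls
// req.ui, so a hidden or disabled button does not stop the call.
function handleUnsafe(req) {
  const action = actions.get(req.action);
  if (!action) return { status: 404 };
  if (req.ui && req.ui.enabled === false) return { status: 403 };
  return { status: 200, body: action.run(req.orderId) };
}

// Corrected: ignores client-supplied UI state and decides from the
// server-side session whether this user may perform this action.
function handleChecked(req) {
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401 };
  const action = actions.get(req.action);
  if (!action) return { status: 404 };
  if (!session.rights.has(action.requires)) return { status: 403 };
  return { status: 200, body: action.run(req.orderId) };
}

// Constructed request: the clerk's page hides the delete button, yet the
// request arrives anyway with the UI flag reporting "enabled".
const forged = {
  sessionId: "sess-clerk",
  action: "deleteOrder",
  orderId: 7,
  ui: { enabled: true },
};
```

Passing `forged` to both handlers shows the difference: the first one runs the delete, the second one refuses it because the clerk's session lacks the right.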
In DataFlex 2021, we’ve taken a number of steps to make this process more accessible out of the box. For older versions, you can have a look at the Redaction Library, which aims to provide similar functionality.