5 Common WebApp Mistakes

Lesson 4: Not validating user actions on the Server

This is something we see more than we’d like, and it comes down to placing a little too much trust in your end users. In the WebApp Framework, you build your user interface by placing a number of Web Objects (forms, buttons, etc.). Hiding or disabling such an object does not mean it is gone or inaccessible: with some simple DOM manipulation or browser console work, a malicious user can display information they are not meant to see or perform actions they are not allowed to perform.

This is why you should never rely solely on hiding or disabling elements of your interface. Always perform the necessary checks on the server, on every request, to confirm that the user is actually allowed to perform the requested action.
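The following is an added example, not DataFlex or Data Access code, showing the mistake and the fix side by side in a small in-memory request dispatcher. The role-to-action map, the order store, the `Session`/`Request` types and the handler names are all constructed for illustration; the point is that `handle_request` decides authorization from the server-side session, while `handle_request_insecure` only trusts the client's claim about its own button state.

```python
# Added example (not DataFlex or Data Access code): a server-side request
# dispatcher that authorizes every action from the session, never from UI state.
from dataclasses import dataclass

# Constructed role -> permitted actions map (assumption: a simple RBAC model).
PERMISSIONS = {
    "clerk": {"view_order"},
    "manager": {"view_order", "approve_order", "view_margin"},
}

# Constructed in-memory order store standing in for the database.
ORDERS = {
    1001: {"customer": "ACME", "total": 250.0, "margin": 0.35, "approved": False},
}


@dataclass
class Session:
    """Server-side session; the role comes from the login, not from the browser."""
    user: str
    role: str


@dataclass
class Request:
    """What the server receives. Every field here can be forged by the client."""
    action: str
    order_id: int
    button_enabled: bool = True  # the client's claim about its own UI state


def view_order(order_id):
    order = ORDERS[order_id]
    return {"customer": order["customer"], "total": order["total"]}


def view_margin(order_id):
    # Sensitive field that only managers should ever see.
    return {"margin": ORDERS[order_id]["margin"]}


def approve_order(order_id):
    ORDERS[order_id]["approved"] = True
    return {"approved": True}


ACTIONS = {
    "view_order": view_order,
    "view_margin": view_margin,
    "approve_order": approve_order,
}


def handle_request_insecure(session, request):
    """The mistake: the server assumes a hidden or disabled button means the
    action never arrives, so it only honours the client's own claim."""
    if not request.button_enabled:
        return {"status": "denied"}
    return {"status": "ok", **ACTIONS[request.action](request.order_id)}


def is_allowed(session, action):
    """Single source of truth for authorization, evaluated on the server."""
    return action in PERMISSIONS.get(session.role, set())


def handle_request(session, request):
    """Hardened: authorization is decided from the session on every call,
    regardless of what the client says about its buttons."""
    if request.action not in ACTIONS or not is_allowed(session, request.action):
        # A denied action for a known session is a useful detection signal:
        # a legitimate UI would never have offered that action to this role.
        print(f"denied: user={session.user} role={session.role} "
              f"action={request.action}")
        return {"status": "denied"}
    return {"status": "ok", **ACTIONS[request.action](request.order_id)}


def visible_actions(session):
    """Drive the UI from the same rule, so hiding is a courtesy, not a control."""
    return sorted(a for a in ACTIONS if is_allowed(session, a))


if __name__ == "__main__":
    clerk = Session("alice", "clerk")
    print(visible_actions(clerk))
    print(handle_request(clerk, Request("approve_order", 1001)))
    print(handle_request_insecure(clerk, Request("approve_order", 1001)))
```

Because `visible_actions` and `handle_request` share `is_allowed`, the buttons a user sees and the actions the server accepts can never drift apart; the denied-request log line is also worth forwarding to monitoring, since a well-behaved client should never produce it.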

In DataFlex 2021 we’ve taken a number of steps to make this process more accessible out of the box; for older versions, have a look at the Redaction Library, which aims to provide similar functionality.