DMXzone Security Provider ASP Support Product Page

Answered

Question on security of a page that uses div.data.show and div.data.hide

20 May 2014 23:53:56 Steve Skinner posted:
I noticed that if I have one page that uses the bootstrap modal for login, and a DIV for content to show when logged on, and a DIV to show content when NOT logged on, you can still see the content that you would only be able to see when logged in by viewing the source of the page in the browser.

Is this intended? I was assuming that anything I bind to the @identity of the Security Provider Executor for div.data.show would NOT be visible without clearing the login security.

Am I missing a step that protects the content that is supposed to be shown only after login?

Here's my page:
aspadmin.scriptsource.com/securitytest3.asp

Before logging in, just view source in the browser and you can easily see everything in the region that is not shown because the login has not taken place yet. The opposite is true too. You can see the DIV content that is only shown when not logged in by using View Source in the browser.

Just trying to understand the nuances of how your new security tools work before I use them on sites where security is of the utmost importance.

FYI... After saving this question, I realized I assigned it to problems. I tried editing the message to change it to the Questions Type, but that doesn't work....

Replies

21 May 2014 09:00:31 Teodor Kuduschiev replied:
Hello Steve,
If you have any dynamic data that is inside the data.hide/show regions it will be visible as: {{data.element.name}} and no data will be displayed.
The solution is to use an empty page with a login form on it and all of the data to be placed on another page, restricted with the security enforcer.
21 May 2014 15:52:29 Steve Skinner replied:
Got it. Thanks!

Those are the kind of guidelines I was interested in regarding the security tools. A sort of "best practices" for using those features.
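
A check for the behaviour discussed in this thread, added here as an example (it is not code from DMXzone or from either poster): it parses the HTML a client receives without a session and reports static text sitting inside client-side show/hide regions, ignoring unresolved `{{...}}` bindings. The attribute names, the `leaked_text` helper and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed attribute names for client-side conditional regions (placeholders:
# use whatever attributes your own page source carries).
TOGGLE_ATTRS = ("data-binding-show", "data-binding-hide")
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
PLACEHOLDER = re.compile(r"\{\{.*?\}\}")  # unresolved binding, carries no data


class ToggleRegionAuditor(HTMLParser):
    """Collects static text shipped inside client-side show/hide regions."""

    def __init__(self, toggle_attrs=TOGGLE_ATTRS):
        super().__init__(convert_charrefs=True)
        self.toggle_attrs = set(toggle_attrs)
        self.stack = []     # per open element: True if it opens a region
        self.depth = 0      # how many toggle regions enclose the parser
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            opens = any(name in self.toggle_attrs for name, _ in attrs)
            self.stack.append(opens)
            self.depth += opens

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.depth -= self.stack.pop()

    def handle_data(self, data):
        text = PLACEHOLDER.sub("", data).strip()
        if self.depth and text:
            self.findings.append(text)


def leaked_text(html, toggle_attrs=TOGGLE_ATTRS):
    """Static text an unauthenticated client receives inside toggled regions."""
    auditor = ToggleRegionAuditor(toggle_attrs)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample responses, as served to a client with no session.
SINGLE_PAGE = """<body><div data-binding-hide="{{identity}}"><p>Please log in.</p></div>
<div data-binding-show="{{identity}}"><h2>Staff rota</h2><p>{{data.element.name}}</p></div></body>"""
LOGIN_ONLY_PAGE = "<body><form action='login.asp'><input name='user'><br></form></body>"
```

Any finding from the logged-in region means that content belongs on a separate page that the server refuses to serve without a session.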
