security bug in submitting dynaform

Questions, suggestions and discussion around ProcessMaker 3 documentation
 Reply
User avatar

security bug in submitting dynaform

By hekmati
 Thu Jan 10, 2019 3:05 am #822331
hi everybody
I have a dynaform with some fields that are disabled or are in view mode and some other fields.
before somebody wants to submits form, he can edit value of disabled or view mode fields with browser inspect element tool and then submit the form. edited data submitted the database.
is it a security bug or something is wrong?
User avatar

Re: security bug in submitting dynaform

By amosbatto
 Thu Jan 10, 2019 11:48 pm #822358
Yes, somebody could potentially do that.
To prevent the field's value from being changed in the database, you need to mark the field's "protected value" property:
protectedValue.png
protectedValue.png (18.42 KiB) Viewed 7220 times
 Reply
 Return to “Documentation”
How to Export Gmail Emails to Office 365 Account

To export Gmail emails to an Office 365 account, y[…]

READ MORE
ProstaBiome Customer Reviews

ProstaBiome Review 2024 - Yes, ProstaBiome is gene[…]

READ MORE
ProstaBiome Advantages

The Benefits of ProstaBiome for Prostate Health I[…]

READ MORE
What services does your NFT marketplace development company offer?

Non-fungible tokens (NFTs) have surged in populari[…]

READ MORE
VIEW MORE TOPICS