ProcessMaker Forum | BPM Workflow Simplified

workflow simplified
https://forum.processmaker.com/

security bug in submitting dynaform

https://forum.processmaker.com/viewtopic.php?f=42&t=736262

Page 1 of 1

security bug in submitting dynaform

Posted: Thu Jan 10, 2019 3:05 am
by hekmati
hi everybody
I have a dynaform with some fields that are disabled or are in view mode and some other fields.
before somebody wants to submits form, he can edit value of disabled or view mode fields with browser inspect element tool and then submit the form. edited data submitted the database.
is it a security bug or something is wrong?

Re: security bug in submitting dynaform

Posted: Thu Jan 10, 2019 11:48 pm
by amosbatto
Yes, somebody could potentially do that.
To prevent the field's value from being changed in the database, you need to mark the field's "protected value" property:
protectedValue.png
protectedValue.png (18.42 KiB) Viewed 7206 times

Re: security bug in submitting dynaform

Posted: Fri Jan 11, 2019 1:02 am
by hekmati
Ok :D
thanks very much.
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/