Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderators: ArturoRobles, ArturoRobles

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
By QuangDo
#825424
Hello,

We are using ProcessMaker Community version 3.3. We plan to give users from different departments PM_FACTORY permission to create workflows and triggers on their own. I noticed end user can inject any PHP code into triggers. That means if someone has a good programming skill, they can exploit the system. For example, they can read/write data in the database with SQL statements. They can get file content on the server using PHP code.

1. Is there a way to limit trigger permission or user's access to trigger?
2. Does anyone have experience handling this issue in your organization?
3. Can Enterprise edition handle this issue?

I appreciate your help. Thank you.

Hi, I have around 100 variables in master process […]

Install in ubuntu

Nov 8, 2014 — You can install applications d[…]

Hi, The form.setOnchange() method does NOT work w[…]

design

Hi, You can easily change your forms like this eve[…]