Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderators: ArturoRobles, ArturoRobles

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
By QuangDo
#825424
Hello,

We are using ProcessMaker Community version 3.3. We plan to give users from different departments PM_FACTORY permission to create workflows and triggers on their own. I noticed end user can inject any PHP code into triggers. That means if someone has a good programming skill, they can exploit the system. For example, they can read/write data in the database with SQL statements. They can get file content on the server using PHP code.

1. Is there a way to limit trigger permission or user's access to trigger?
2. Does anyone have experience handling this issue in your organization?
3. Can Enterprise edition handle this issue?

I appreciate your help. Thank you.

Can anyone know what is the issue?

Unable to create workspace

I have the same issue. Any solution? Thanks alex[…]

Install in ubuntu

Dear All, In our dev environment we did an upgrad[…]

Get data from oracle database.

How to display all data in a table from oracle DB […]