cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hide authentication code in controller sap ui5

Go to solution
former_member685547
Discoverer

on ‎2020 Jun 16 7:18 AM

0 Kudos
372

Hi,

I have a custom sap ui5 app in which I have a condition check to test whether the user is authorized or not. I am making a odata call to check the authorization. But the thing is other developer can easily overwrite/change the authorization when he is in debug/developer tools mode(F12). This looks some kind of security threat for me. How to hide the security check code in my controller.js?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
former_member194549
Contributor
‎2020 Jun 16 8:11 AM

Hi,

never perform authorization checks in the frontend, because, as you have already mentioned, this can easily be bypassed.
Implement any authorization checks in the backend, which the user has no influence on!

Of course you can e.g. hide a create button in the UI if the user has no permission to create the object. In the back-end service, however, this authorization must be checked again before the object is created.

Regards
Simon

Show replies
Show replies
thomas_arnesen
Explorer
‎2020 Jul 01 10:25 PM
0 Kudos

As I always say; "Never trust user input".

Ask a Question