VBCS Authentication for Anonymous users
I have a query with regard to securing the VBCS web application, which allows an anonymous user to access SaaS.
We have created an application which allows anonymous users, and we are calling SaaS REST endpoints using ‘Basic’ authentication. Since anonymous users need access to these endpoints, we have selected ‘Allow anonymous access to the service connection infrastructure’ and have selected the option ‘Same as Authenticated User’. This does meet our requirement, however it seems to pose a security threat, as anyone can open the browser’s network tab and get the proxy URL.
Once the user gets the proxy URL, it seems to allow direct access not only to the resource from the request URL, but also to any other resources that the basic authenticated user (service account) has access to.