This discussion is archived
2 Replies Latest reply: May 8, 2013 1:40 AM by VC RSS

Security question (about processes)

Giedrius S. Newbie
Currently Being Moderated
Hello,

Lets say I have a page with button "SAVE", which submits the page. Also I have a after submit process which runs when user presses button "SAVE". Everything works fine.

Then I add condition to button "SAVE", so that not every user will see it. Lets say User1 sees this button and can press it and User2 does not see it so can not press it.

Question is: Is it possible for User2 to hack page so, that he submits page as "SAVE" and process, attached to this button is executed? I think that hacker could use javascript like "apex.submit('SAVE')" or any other ways.
If so, then I guess process, attached to button "SAVE" should also have the same condition as button? Or is it redundant?

This question bothers me for some time so I would like to hear your opinion.

Thank you,
Giedrius

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points