Fabrik security and Pre-filters

N

naeem.agh

New Member
Dear All,
I am a new fabrik user, and I have created a list with menu based pre-filters i.e. only the registered user can see their submitted records.

I was wondering if this is the right (secure) approach for displaying the records? Or can someone exploit the url with parameters to view the records of other users?

Thanks.
 
Menu based prefilters are not secure, no. They can be bypassed by just viewing the list with a standard component URL, with no Itemid.

For secure filters, you need to use prefilters on the list itself.

-- hugh
 
Or use Access Levels to allow access to records only if an administrator or this users userid matches the userid in the record.
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 73 (members: 4, guests: 69)
    Back
    Top