Well they don’t bave access to the things they shouldn’t have to but I don’t want them to event get to those thing they don’t have access to...
On Fri 17. Nov 2017 at 17:15, LJ LongWing <lj.longw...@gmail.com> wrote: > ** > No, it's more of a factor of 'what is in the admin view what they > shouldn't have access to'...and should you change permissions to those > elements so that even if they make it into the Admin view, that they don't > have access to the things they shouldn't have access to :) > > On Fri, Nov 17, 2017 at 8:57 AM, Thomas Miskiewicz <tmisk...@gmail.com> > wrote: > >> ** >> You mean separating the admin and user views into two different forms? >> >> On Fri 17. Nov 2017 at 16:55, LJ LongWing <lj.longw...@gmail.com> wrote: >> >>> ** >>> Thomas, >>> This is my favorite topic of 'security through obscurity'.....if the >>> method that things are secured is by simply not 'showing them' to the >>> user...or, putting them behind a curtain....then it's not truly security. >>> I believe what Misi is saying is that by creating an AL that prevents the >>> user from getting to this particular view, you are trying to secure it by >>> putting it behind a curtain.....if there are elements on the view that you >>> don't want the users to have access to, then they shouldn't have >>> permissions to them....this would prevent them from wreaking any havoc >>> because even if they had access to the view, they wouldn't be able to do >>> anything they didn't have permission to do anyway... >>> >>> On Fri, Nov 17, 2017 at 8:47 AM, Thomas Miskiewicz <tmisk...@gmail.com> >>> wrote: >>> >>>> ** >>> >>> Oh yea? Please elaborate. >>>> >>>> On Fri 17. Nov 2017 at 16:46, Misi Mladoniczky <m...@rrr.se> wrote: >>>> >>>>> If you have to rely on GUI functionality to do this, one could argue >>>>> that your permission strategy is faulty to start with... >>>>> /Misi >>>>> >>>>> Thomas Miskiewicz <tmisk...@gmail.com> skrev: (17 november 2017 >>>>> 14:42:20 CET) >>>>>> >>>>>> ** Hello there, >>>>> >>>>> >>>>>> I have *Form A* with *User View* and *Admin View*. How can I prevent >>>>>> unauthorised access to the Admin View? >>>>>> >>>>>> If there is no configurable state of the art way maybe you have an >>>>>> elegant idea how to achieve it? >>>>>> >>>>>> >>>>>> Thank you >>>>>> >>>>>> Thomas >>>>>> >>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>> >>>>> >>>>> -- >>>>> sent from my Android-unit with K-9 Mail. >>>>> >>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>> >>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> > > _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
