as long as your permission model is secure then letting them into that view won't give them access to something they shouldn't have access to....then it shouldn't be an issue for them to be there....but, the method outlined before will prevent it nonetheless if that's your wish :)
On Fri, Nov 17, 2017 at 9:17 AM, Thomas Miskiewicz <tmisk...@gmail.com> wrote: > ** > Well they don’t bave access to the things they shouldn’t have to but I > don’t want them to event get to those thing they don’t have access to... > > On Fri 17. Nov 2017 at 17:15, LJ LongWing <lj.longw...@gmail.com> wrote: > >> ** >> No, it's more of a factor of 'what is in the admin view what they >> shouldn't have access to'...and should you change permissions to those >> elements so that even if they make it into the Admin view, that they don't >> have access to the things they shouldn't have access to :) >> >> On Fri, Nov 17, 2017 at 8:57 AM, Thomas Miskiewicz <tmisk...@gmail.com> >> wrote: >> >>> ** >>> You mean separating the admin and user views into two different forms? >>> >>> On Fri 17. Nov 2017 at 16:55, LJ LongWing <lj.longw...@gmail.com> wrote: >>> >>>> ** >>>> Thomas, >>>> This is my favorite topic of 'security through obscurity'.....if the >>>> method that things are secured is by simply not 'showing them' to the >>>> user...or, putting them behind a curtain....then it's not truly security. >>>> I believe what Misi is saying is that by creating an AL that prevents the >>>> user from getting to this particular view, you are trying to secure it by >>>> putting it behind a curtain.....if there are elements on the view that you >>>> don't want the users to have access to, then they shouldn't have >>>> permissions to them....this would prevent them from wreaking any havoc >>>> because even if they had access to the view, they wouldn't be able to do >>>> anything they didn't have permission to do anyway... >>>> >>>> On Fri, Nov 17, 2017 at 8:47 AM, Thomas Miskiewicz <tmisk...@gmail.com> >>>> wrote: >>>> >>>>> ** >>>> >>>> Oh yea? Please elaborate. >>>>> >>>>> On Fri 17. Nov 2017 at 16:46, Misi Mladoniczky <m...@rrr.se> wrote: >>>>> >>>>>> If you have to rely on GUI functionality to do this, one could argue >>>>>> that your permission strategy is faulty to start with... >>>>>> /Misi >>>>>> >>>>>> Thomas Miskiewicz <tmisk...@gmail.com> skrev: (17 november 2017 >>>>>> 14:42:20 CET) >>>>>>> >>>>>>> ** Hello there, >>>>>> >>>>>> >>>>>>> I have *Form A* with *User View* and *Admin View*. How can I >>>>>>> prevent unauthorised access to the Admin View? >>>>>>> >>>>>>> If there is no configurable state of the art way maybe you have an >>>>>>> elegant idea how to achieve it? >>>>>>> >>>>>>> >>>>>>> Thank you >>>>>>> >>>>>>> Thomas >>>>>>> >>>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>>> >>>>>> >>>>>> -- >>>>>> sent from my Android-unit with K-9 Mail. >>>>>> >>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>> >>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>> >>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>> >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
