
Security: Servoy can call an uninstalled module

Posted: Tue Nov 15, 2011 1:15 pm
by Gordon
I am not sure if this is a security risk or just an error, but I have a solution that contains two modules, ES_Authenticator and ES_Security, plus the main solution. The content for the two modules is broadly based on a test solution I produced where the modules are called GM_Authenticate and GM_Login. These two are not installed as modules in the current solution, which has been restarted several times.

When this script is called:

Code:
var branchlist = security.authenticate('GM_authenticate', 'getBranches', [username])


The branchlist variable returns an object and functions as if the modules (GM_Authenticate and GM_Login) were actually included with the solution.

So my thoughts were: is this a security problem where an uninstalled module can be called by a solution, OR is this expected behaviour and should the Authenticator and Login process not actually be included in the main solution as modules?

Cheers
Gordon

Re: Security: Servoy can call an uninstalled module

Posted: Tue Nov 22, 2011 11:37 am
by rgansevles
Gordon,

The security.authenticate() call uses an authenticator solution that is installed in the server.
The authenticator solution does not have to be a module; in fact, in the smart client it can't even be used as a module because authenticator solutions are never sent to the smart client for security reasons.

Basically there is no module-relation between the calling solution and the installed authenticator solution.
The only reasons to include the authenticator as a module are for debugging in developer and for ease of deployment (import).

Rob

Re: Security: Servoy can call an uninstalled module

Posted: Tue Nov 22, 2011 12:08 pm
by Gordon
Hi Rob

The Servoy-provided demo was done using Modules. I based my version on the Servoy example, which is a pity because making the change will further delay the solution. Thanks for the reply anyway; as before, security is important and I appreciate Servoy are trying hard to make this a top priority.

Gordon