File Document: when I change the guid it opens other users' files.

0
Hi, in Mendix I have used the Download file document activity with the show file in browser option. After opening the file in the browser, when I change the guid in the URL it opens other users' files. If I set delete after download to true it works, but when the user refreshes the browser, the file document is not found. “http://localhost:8080/file?guid=16325548649220949&changedDate=1694604285395&name=filedocument.pdf&target=window” I want a solution that restricts the user from changing the guid. If the user changes the guid it opens previously downloaded files.
asked
2 answers
0

Hi Suresh,

I’m pretty sure you’ll have to restrict access using XPath constraints in the domain model security. Make sure that users only have access to their own documents by adding an XPath constraint with a path to the user from the FileDocument entity.

answered
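The access rule suggested in the answer above, modelled as an added example (not part of the original thread and not Mendix's own code). It assumes a constructed two-document store, hypothetical users `user_a` and `user_b`, and an owner check standing in for an XPath constraint such as `[System.owner = '[%CurrentUser%]']`, which requires the entity to store its owner.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

@dataclass(frozen=True)
class FileDocument:
    guid: str
    name: str
    owner: str

# Constructed sample data: the second guid and both user names are made up.
STORE = {
    "16325548649220949": FileDocument("16325548649220949", "filedocument.pdf", "user_a"),
    "16325548649220950": FileDocument("16325548649220950", "payslip.pdf", "user_b"),
}

def owner_constraint(doc, current_user):
    """Stands in for a read rule constrained to the document's owner."""
    return doc.owner == current_user

def serve_file(url, current_user, constraint=None):
    """Return (status, file name) for a /file?guid=... request.

    constraint=None models a read rule with no XPath constraint: any
    logged-in user can read whichever document the guid points at.
    """
    guid = parse_qs(urlparse(url).query).get("guid", [""])[0]
    doc = STORE.get(guid)
    if doc is None:
        return 404, None
    if constraint is not None and not constraint(doc, current_user):
        # This model answers "not found" so the guid's existence is not revealed.
        return 404, None
    return 200, doc.name

BASE = ("http://localhost:8080/file?guid={}&changedDate=1694604285395"
        "&name=filedocument.pdf&target=window")
own = BASE.format("16325548649220949")
tampered = BASE.format("16325548649220950")  # guid edited in the address bar

if __name__ == "__main__":
    for label, rule in (("no constraint", None), ("owner constraint", owner_constraint)):
        print(label, serve_file(own, "user_a", rule), serve_file(tampered, "user_a", rule))
```

The decision is made on the server per request, so it holds however the guid reaches the URL; deleting the file after download only removes the object and does not decide who may read it.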
0

You should use tools like Bizzomate Mendix Dev tools https://marketplace.mendix.com/link/component/120888 for your security testing. This gives you easy insight into what a regular user can do in your app if you have made security setup mistakes and the person knows a little JavaScript.

Regards,

Ronald

answered