2

I have a smartdevices application that was created to be read-only (users cannot add, update or delete anything).

I already removed all the actions from the WWSD's, Panels, etc. but via browser someone can access the .aspx generated by Genexus and perform and add, update or delete operation.

The question is, how can I make the smartdevices application secure if the .aspx is needed for the app to access the REST services?

What are the absolutely minimum necessary files (extensions .aspx, .rsp, etc.) that I must copy to the webserver?

Marcos Crispino
  • 8,018
  • 5
  • 41
  • 59
Marc M
  • 37
  • 2

1 Answers1

1

Take a look at this article: Security recommendations for Smart Devices Applications

In particular, disable the External Usage properties for these Transactions (Insert, Update and Delete options), as shown in this image:

External Usage Properties

Marcos Crispino
  • 8,018
  • 5
  • 41
  • 59
Pablo Mazzilli
  • 88
  • 4
  • Hi, thx, i'll check the material, in advanced is possible do not allow access to the application via web browser ? Its mean only allow access to the host via SD app ? – Marc M Apr 24 '15 at 17:22
  • Hi everybody, now I understood, the better situation is enable GAM and put the Integrated Security as none for the objects (wwsd, panels, etc ) of the APP that will be need public, thx. – Marc M Apr 28 '15 at 19:10