Security Gap

My organization found a security gap in the application, which is: when a user clicks download, I have a microflow which fetches the file and downloads it. They snapped the network and found the link which goes to the download logic in Mendix, https://myserver/file?guid=36563599474711234&changedDate=1535697200676&target=internal, then they tried to use proxy applications to predict the guid id to access unauthorized files, and unfortunately they succeeded. So is there a way to prevent access to the link from outside the Mendix application, or any other way?
1 answer

Mohamed,

You must have a session before you can access the filedocuments. To secure the filedocuments you have to configure entity access on the filedocuments entity specializations. More info about the access rules can be found here.

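An added example, not part of the original thread and not Mendix code: a log check a defender could run to spot one client requesting many different guid values on the /file endpoint from the question within a short time. The log format, client addresses, guid values other than the one quoted in the question, and the threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); not taken from the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [31/Aug/2018:06:33:20 +0000] "GET /file?guid=36563599474711234&changedDate=1535697200676&target=internal HTTP/1.1" 200 5120
10.0.0.5 - - [31/Aug/2018:06:33:40 +0000] "GET /index.html HTTP/1.1" 200 900
10.0.0.5 - - [31/Aug/2018:06:33:55 +0000] "GET /file?guid=36563599474711234&target=internal HTTP/1.1" 200 5120
10.0.0.9 - - [31/Aug/2018:06:34:01 +0000] "GET /file?guid=36563599474711230&target=internal HTTP/1.1" 200 100
10.0.0.9 - - [31/Aug/2018:06:34:02 +0000] "GET /file?guid=36563599474711231&target=internal HTTP/1.1" 200 100
10.0.0.9 - - [31/Aug/2018:06:34:03 +0000] "GET /file?guid=36563599474711232&target=internal HTTP/1.1" 200 100
10.0.0.9 - - [31/Aug/2018:06:34:05 +0000] "GET /file?guid=36563599474711233&target=internal HTTP/1.1" 200 100
10.0.0.9 - - [31/Aug/2018:06:34:08 +0000] "GET /file?guid=36563599474711235&target=internal HTTP/1.1" 200 100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) ')

def parse(line):
    """Return (client, time, guid) for a /file download request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, stamp, target = m.groups()
    url = urlsplit(target)
    guid = parse_qs(url.query).get("guid", [None])[0]
    if url.path != "/file" or guid is None:
        return None
    return client, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), guid

def enumeration_suspects(log_text, min_guids=4, window=timedelta(minutes=1)):
    """Map client -> most distinct guids it requested inside any one window."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            by_client[rec[0]].append(rec[1:])
    suspects = {}
    for client, hits in by_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({guid for _, guid in hits[start:end + 1]})
            if distinct >= min_guids:
                suspects[client] = max(suspects.get(client, 0), distinct)
    return suspects
```

A client that downloads the same file twice is not flagged; only the number of different guid values in the window counts.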