Browsing to any of the PHP files in the dmxConnect directory outputs JSON data

I’ve tried to see if this has been discussed before but couldn’t find anything. I’ve just realised that browsing to any of the PHP files in the dmxConnect folder shows JSON output of data. Is this a security risk? Should I be doing something in Server Connect to prevent this or is there a global setting (.htaccess in that folder, perhaps?) to stop this happening? I became aware as I’m working on a CRON job to automate something and so browsed to the script to test it and realised the issue.


Well, it’s not a security risk as long as you use this data on the front end … as it is the same data.

For your data, which is behind a login and requires a user to be logged in, simply add a security restrict step in your server action, so the data can only be accessed by logged-in users.

That’s already been covered in the docs:


Thanks @Teodor. I knew there would be a good explanation and I’m actually already using the security enforcer on my actions but went blank when creating a new action file which I don’t want to be secure and thought they would all be like that!

A ‘doh’ moment!

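An added example, not code from this thread or from the product itself: a small audit that requests every PHP file under a local copy of the dmxConnect folder without a session cookie and lists the ones that still return JSON, so a new action file created without the security restrict step is noticed. The site URL and the allow-list entry are hypothetical, and it assumes a restricted action answers an anonymous request with HTTP 401 or 403.

```python
import json
import urllib.error
import urllib.request
from pathlib import Path

def classify(status, body):
    """Classify one response to a request sent with no session cookie."""
    if status in (401, 403):           # assumption: restricted actions refuse this way
        return "restricted"
    if status != 200:
        return "other"
    try:
        json.loads(body)
    except ValueError:
        return "other"                 # 200 but not JSON (empty body, HTML error page)
    return "public"                    # anonymous caller received JSON data

def http_get(url):
    """Plain GET with no cookies; returns (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def audit(local_dir, base_url, expected_public=(), fetch=http_get):
    """Probe each .php file found under local_dir at base_url and return the
    relative paths that serve JSON anonymously but are not on the allow-list."""
    root = Path(local_dir)
    unexpected = []
    for php in sorted(root.rglob("*.php")):
        rel = php.relative_to(root).as_posix()
        status, body = fetch(f"{base_url.rstrip('/')}/{rel}")
        if classify(status, body) == "public" and rel not in expected_public:
            unexpected.append(rel)
    return unexpected

if __name__ == "__main__":
    # Hypothetical site URL and allow-list; replace with your own.
    for path in audit("dmxConnect", "https://example.test/dmxConnect",
                      expected_public={"api/public/products.php"}):
        print("serves JSON without login:", path)
```

Actions that are meant to be public, such as the one behind the CRON job mentioned above, belong on the allow-list so that only unintended exposure is reported.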