Hide/Secure data connection?

How do you prevent someone from viewing the source code of a page and going directly to the data source? Like this …

https://dashboard.wlstudiotheatre.ca/dmxConnect/api/Temp/tablesort.php

In this case I really don’t care if someone goes directly to the data source but even in protected pages the source code is available of course. Nothing prevents anyone from seeing the raw data?

Hello Brad,
You can follow the documentation explaining how to protect your data source files:
https://wappler.io/docs/#Secure-Data-APIs

Hi Brad,
I’m using your website to test “Data Bindings SEO” on Google’s search engine and I’ve found this result very unusual. I’d like to know if it is a behaviour that you expected or not (I’ve hidden the user details in the screenshot below for privacy, but if you search for your website on Google you’ll see the real results):

Why are these sensitive user data displayed? If I open the page “maillist.php” it is redirected to the login page, so I think there is something anomalous… it is just to understand if App Connect has some limitations in terms of security (here in Europe we need to be GDPR compliant… the fines in case of loss of sensitive data are very high).

Hello Michelle,
App Connect has no limitations regarding security… if your server action has no protection applied and is publicly accessible, then it is accessible for the Google bot as well…
This is not related to the extension, it is related to how you work with your data.
It is the same as uploading an Excel spreadsheet to your website without protecting it - its data will be crawled by the google bot.

Moreover, you can stop Google bot from crawling your site/parts of the site using robots.txt, so even if you left some data publicly accessible it won’t be crawled and displayed.
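An added example, not part of any post in this thread and not Wappler's own code: robots.txt only asks well-behaved crawlers to skip a path, so this check reports what an anonymous request to each data endpoint receives, alongside whether robots.txt hides it from crawlers. The host name, file names, robots.txt rules and sample responses are constructed; only the `/dmxConnect/api/` prefix comes from the URL in the question.

```python
# Added example: constructed data only; host and file names are hypothetical.
import json
from urllib import error, request, robotparser


class _NoRedirect(request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it to a login page


def fetch_anonymous(url, timeout=10):
    """GET url with no cookies or credentials; return (status, body bytes)."""
    opener = request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except error.HTTPError as exc:  # 3xx/4xx/5xx responses arrive here
        return exc.code, exc.read(65536)


def classify(status, body):
    """Judge what an anonymous client (or a crawler) receives."""
    if status in (401, 403) or 300 <= status < 400:
        return "protected"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "review"  # 200 but not JSON: inspect by hand
        return "EXPOSED" if data else "review"
    return "review"


def audit(urls, robots_lines, fetch=fetch_anonymous):
    """Return {url: (access, hidden_from_crawlers)}; only `access` is a control."""
    rules = robotparser.RobotFileParser()
    rules.parse(robots_lines)
    return {u: (classify(*fetch(u)), not rules.can_fetch("Googlebot", u)) for u in urls}


# Constructed responses standing in for a live site.
SAMPLE = {
    "https://app.example.test/dmxConnect/api/members/list.php": (200, b'[{"email": "a@example.test"}]'),
    "https://app.example.test/dmxConnect/api/members/secure.php": (401, b"Unauthorized"),
}
ROBOTS = ["User-agent: *", "Disallow: /dmxConnect/"]

if __name__ == "__main__":
    for url, result in audit(SAMPLE, ROBOTS, fetch=SAMPLE.__getitem__).items():
        print(url, result)
```

An endpoint reported as `("EXPOSED", True)` is still readable by anyone who has the URL; the `Disallow` rule only keeps it out of search results.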

I think that the website was crawled by Google when Brad didn’t have the Security Enforcer applied to the page, but perhaps @Brad could answer this himself.

Ok Teodor but I would like to know from Brad the origin of this anomaly … just a bad configuration?
Wappler is a product designed for people with low capacities in development, so I think it is useful to know the behavior to be kept to avoid “millionaire fines”.

Michele,
We provide a tool which allows you to work with dynamic data. We provide tools to protect your data.
Wappler has nothing to do with how and for what kind of data you are using it, nor does it have anything to do with GDPR. The product you produce and run is your responsibility…
Blaming App Connect/Wappler for leaving your data not protected is the same as blaming PHP when you don’t apply page restrictions using it.

Sometimes I don’t understand you Teodor, I just reported an anomalous “public” situation, I don’t think I offended anyone… and I think you have no idea what GDPR is (and I suggest that Brad remove the pages with sensitive data as soon as possible from the various search engines).

If the above analysis made by Patrick is correct, I think it is necessary to indicate in the documentation to pay close attention to the protected data to avoid these situations.

So what should this statement mean?

And yes I know pretty well what GDPR is :slight_smile:

It is already explained in the documentation.

Ok Ok Teodor, I’ve known you for several years and I know it’s better to close this post here :grin:.

I can assure you that was before all the security enforcer stuff was added. Most of that data doesn’t even exist. I’m not worried about it at all. It has always been great on projects done with the Dreamweaver extensions.
