I just discovered the awesome Library for creating Server Action includes. If I want to make sure they are secure and not accessible by hackers/non-users,
do I include a Security Restrict in the library server action, or would it be enough to secure the Server Action in which the library server action is included?
Can Library Server Actions be called directly in the browser by anyone?
If your API action files retrieve data that shouldn’t be public then yes, you should add Security Restrict to them. And yes, the server actions can be called directly in the browser if the URL is known. There is an icon in Wappler to do exactly that:
I add a Security Restrict to almost all API action scripts. It’s only the ones which literally provide data which is completely public that I wouldn’t add it.
@sitestreet thanks for the reply. That I am aware of, however my question is specifically referring to the “Library” where “include” API Server Actions can be “included” within other API Actions.
Aah, sorry. I didn’t pick up on that in your post.
I add the Security Restrict to the API action scripts which will mean any libraries included in them will be secure. However, I don’t know if they can be directly accessed so I’ll let someone from the Wappler team comment on that. Maybe it’s worth adding Security Restrict to those, too? I’ve not tried that but I can’t see why it wouldn’t work.
@Teodor do we need to add Security Restrict to “Library” include API Server Actions? I have Security Restrict already added to the API which the include will be added to.
Library actions are not publicly accessible other than to API actions from what I can see. So securing your public “API actions” is all that’s required.
Library actions can be found under /dmxConnect/modules/lib/ but tests show that if the actions are called directly, they do not output anything or perform database changes.