I didn’t realize this before. If you do not add the Security Restrct action to your Server Connects, then they are wide open for anyone to query. Add a Security Restrict at the top to keep them locked down.
I wrote about this if you want to join the discussion 
Maybe George or Teodor could merge these two, but I think the topics are slightly different as mine is just a tip to add the Security Restrict, and yours appears to be more about designing it differently. I prefer their granular design now, but I can also see the desire for the option to group them.
As for this topic, I didn’t realize I needed to add a Security Restrict action at all. Part of the confusion, I think, was because a lot of my actions needed the Security Identity to function and I got in the habit of setting “credentials” on all of my Server Connects. But recently I created some Server Connects that do not need the identity, and it was only when I started building them into my App Flows that I noticed they were not restricted.
This led me to add a Security Restrict to most of my Server Connects and that has shown another issue that needs fixing.
The server actions are not restricted by default. There are many cases where the data need to be displayed on the front end and doesn’t need any protection.
It’s up to you to restrict the server actions, which are supposed to be used in your admin panel / cms etc. and the ones that are not supposed to serve publicly available data.
I fully understand the logic between allowing something to be publicly available or not, but just wanted to let others know if they mistakenly thought they were locked down like I did. This one mistake could mean other app developers are accidentally exposing their data publicly.
It would be better to have everything restricted by default and require explicit roles/permissions to allow access (i.e. admin only, subscriber, public, etc.)
Just look at S3 as an example for why restricting by default should be the norm. There’s too many data leakages and mistakes that developers can make to not require explicit access.
1 Like