This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Appsheet URL has version identifier that general users can manipulate

Posted on 04-27-2023 07:38 AM
WillVerkaik
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

In working with my Tech Service Desk team, we have uncovered a concern and want to know if there will be a fix for this.  It was discovered that some saved links were not working and the version of the application was older.   Further investigation, it was seen that they were saving a URL that had version descriptions/identifiers. 

By removing this, the application synched with the most recent version.    Problem solved. 

However, when taking this parameter of versions#, and adding it, the user was now able to move through each versions without any problems .  In some cases ( and I can now understand why it is happening), a particular saved  version by the user, has some fields pointing to a different column, causing bad data to be saved.   

I don't know how to emphasis this any further, but the Application use can NOT be used in the state.

This is a serious compromise that my CISO will not let us continue and I am looking for help to better understand what is being done to correct this ASAP.

2 41 1,203
Topic Labels
41 REPLIES 41

Posted on --/--/---- --:-- AM
SkrOYC
Gold 5
Gold 5
In response to WillVerkaik
Reply posted on --/--/---- --:-- AM

I understand what you say, although I still wait for your insight about this breaking Security Filters or not

0 Likes

Posted on --/--/---- --:-- AM
WillVerkaik
Silver 1
Silver 1
In response to SkrOYC
Reply posted on --/--/---- --:-- AM

Oh.. total agree with you on the security filters.  I have been able to leverage about 3mil records in Bigquery and filtered out using Security filters to only specific users.  These records are to only be 'visible' by specific users.  It took many developer versions to make this right.  Now all those are open to anyone to expose to the details much of which trully are confidential to individual users.   I have been able to demonstrate this on several other solutions as well that uses Security Filtering.  Other challenges are custom actions that move data.  The formulaes are different and cause some data integrity issues. 

I thought that I would just add another column to do as you pointed out to 'break' the data connections, but the user can just go further back.  

The last alternative I am thinking is to use the 'Deploy' feature.  I am not fully comfortable with it yet, but it appears to create a brand new instance and avoid having a history of versions ( not unlike making a copy  and use that ).  Seems very tedius, but options are limited at this time.  

There is a setting for number of version maintained.  I shorten it to only 5 (version? days?).  Does not seem to work as I thought it would.

Top Labels in this Space