Thomas, This is my favorite topic of 'security through obscurity'.....if the method that things are secured is by simply not 'showing them' to the user...or, putting them behind a curtain....then it's not truly security. I believe what Misi is saying is that by creating an AL that prevents the user from getting to this particular view, you are trying to secure it by putting it behind a curtain.....if there are elements on the view that you don't want the users to have access to, then they shouldn't have permissions to them....this would prevent them from wreaking any havoc because even if they had access to the view, they wouldn't be able to do anything they didn't have permission to do anyway...
On Fri, Nov 17, 2017 at 8:47 AM, Thomas Miskiewicz <[email protected]> wrote: > ** > Oh yea? Please elaborate. > > On Fri 17. Nov 2017 at 16:46, Misi Mladoniczky <[email protected]> wrote: > >> If you have to rely on GUI functionality to do this, one could argue that >> your permission strategy is faulty to start with... >> /Misi >> >> Thomas Miskiewicz <[email protected]> skrev: (17 november 2017 14:42:20 >> CET) >>> >>> ** Hello there, >> >> >>> I have *Form A* with *User View* and *Admin View*. How can I prevent >>> unauthorised access to the Admin View? >>> >>> If there is no configurable state of the art way maybe you have an >>> elegant idea how to achieve it? >>> >>> >>> Thank you >>> >>> Thomas >>> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> >> -- >> sent from my Android-unit with K-9 Mail. >> > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
