Security issue: change password

Deriving from the Graphical User Interface (GUI), by default, a user (none admin) profile does not seem to have the permission to alter anything related to his own profile settings (e.g., Password ), However the above-mentioned activities can be performed despite the imposed restrictions (when using for example Burp software). It seems that we are not able to set any further restrictions on entities wich belong to the system module. If you would for example change the security of the attribute password for a user this is not possible. Do I miss something of is this really a restiction in Mendix. Does anybody have some suggestions how to avoid this vulnerability?     
1 answers

I would suggest you submit a bug report through the support portal. I've done that years ago, perhaps if more people submit reports it will get priority to be changed.

For projects for which this is an issue, I've implemented a workaround: since you cannot change the write access a user has, all you can do is ensure this data does not get committed. To do that, add a before commit event handler to the Administration.Account entity (this assumes that all your normal users user Accounts and only MxAdmin uses System.User). In the event handler, use a Java action (see below) to check if the password has changed. If so, return false (this ensures the data is not comitted), otherwise return true.

This works, because through the client API, a user cannot commit without events. You do need to be careful that the user doesn't have access to microflows which commit an Account object without events.


Java code to check if a password has changed (input System.User object, output boolean):

List<? extends IMendixObjectMember<?>> changedAttrs = user.getMendixObject().getChangedMembers(getContext());
for (IMendixObjectMember<?> attr : changedAttrs) {
  String attrName = attr.getName().toLowerCase();
  if (attrName.equals("password")) {
    return true;
return false;