Hi all, I am curious to hear your best practices regarding security when anonymous users are enabled. The application I am working on has anonymous users enabled and I want to set some security rules, but I'm not sure what the best way to do this is. To clarify the question and answer(s), here is an example situation: I have an entity called Registration and anonymous users are able to create these. At a later point in time I want these users to be able to do some follow-up actions with their Registration, so I use a deeplink to give them access again. (edit: addition) I create a random hash which is saved in the Registration object. The deeplink has that random hash as a parameter, by which I retrieve the correct Registration again. This is where a problem arises: I can't set a path to user XPath, so anyone is - theoretically - able to gain access to all Registrations. I understand anyone with access to the deeplink URL can access the Registration, but I am mostly curious as to how this should be handled database/XPath-wise. What are your best practices when dealing with situations like this?
Willem van Zantvoort
I assume that when an anonymous user does something with a registration it leaves its email address so that a deeplink can be sent to him if he wants to change something about the registration. If not, you should create a deeplink that the anonymous user needs to copy if he ever wants to make a change to the registration. Because then you could create an ID and make sure that that ID is part of the deeplink as a parameter. Then you could use that ID in the deeplink process to find the registration object of that user. This way it can only change his registration object and no other registration objects.
I do not think you need to worry about someone hacking the database to try to retrieve other registration objects so long as the deeplink does the retrieval of the object. Yes, they could forge deeplinks and feed those to the application. But if your hash value is big enough I wish them luck, and these attempts could be picked up easily. You could even create a fail-safe mechanism so that when a deeplink is not found you log the IP, so you can block that IP address by adapting the deeplink starting microflow so that it checks an IP table first.
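As an added illustration of the pattern discussed in the question and this answer (not code from either poster and not Mendix microflow code), the Python below uses plain dicts as stand-ins for the Registration entity and the IP table; `create_registration`, `resolve_deeplink`, `BLOCK_THRESHOLD` and the stored `email`/`status` fields are hypothetical names. It generates an unguessable token from a CSPRNG, stores only its digest in the registration so a database read-out does not yield working deeplinks, looks the registration up by that digest instead of by user XPath, and counts misses per IP so repeated forged links can be blocked.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed in-memory stores standing in for the Registration entity and an IP table.
REGISTRATIONS = {}                 # token digest -> registration dict
FAILED_BY_IP = defaultdict(int)    # client IP -> number of deeplinks that resolved to nothing
BLOCK_THRESHOLD = 5                # hypothetical number of misses before an IP is blocked


def _digest(token: str) -> str:
    # Only the SHA-256 digest is persisted; the raw token exists solely in the deeplink.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_registration(email: str) -> str:
    """Create a Registration and return the raw token to embed in the deeplink."""
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG, not guessable
    REGISTRATIONS[_digest(token)] = {"email": email, "status": "new"}
    return token


def is_blocked(client_ip: str) -> bool:
    """True once an IP has produced BLOCK_THRESHOLD deeplinks that matched nothing."""
    return FAILED_BY_IP[client_ip] >= BLOCK_THRESHOLD


def resolve_deeplink(token: str, client_ip: str):
    """Return the Registration for a deeplink token, or None.

    The lookup key is the digest, so the database is queried for exactly one
    registration and never for the whole table. A miss is recorded against the
    caller's IP; a blocked IP gets None even for a valid token.
    """
    if is_blocked(client_ip):
        return None
    registration = REGISTRATIONS.get(_digest(token))
    if registration is None:
        FAILED_BY_IP[client_ip] += 1           # forged, mistyped or revoked link
    return registration
```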