Authentication is the way your users let your application know who they are. When authentication is vulnerable, your application will take actions for, or show information to, someone who shouldn't be allowed to have access.
Generally, these vulnerabilities allow someone to easily fool the system. The system will accept that they are an accredited user without requiring them to provide actual proof.
How to do it with OutSystems Platform
The recommended strategy is that you always use an HTTPS channel.
Specifically, for the following use cases, the corresponding actions are recommended:
Send passwords in clear text
Send session ID in clear text
Force session ID regeneration on login
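The session-handling items listed above, illustrated with an added example that is not OutSystems Platform code and not part of the original page: a minimal Python session store that issues a new session ID on login, plus a cookie builder that marks the session cookie Secure so it only travels over HTTPS. The SessionStore class, the session_cookie function and the sample user name are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table (hypothetical, for illustration only)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable ID from the OS CSPRNG
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login(self, old_sid, user):
        """Mark the session as authenticated and rotate its ID.

        The pre-login ID is deleted, so an ID that anyone knew before
        authentication never becomes an authenticated session.
        """
        data = self._sessions.pop(old_sid, None) or {}
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def session_cookie(sid):
    """Build a Set-Cookie value that browsers only send over HTTPS."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True    # never sent over plain HTTP
    cookie["session"]["httponly"] = True  # not readable from page scripts
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()
    authenticated = store.login(anonymous, "alice")  # constructed sample user
    print(store.get(anonymous))      # the pre-login ID no longer resolves
    print(store.get(authenticated))
    print(session_cookie(authenticated))
```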
To learn how to protect your OutSystems apps against other common types of attacks, check how OutSystems Platform helps you develop secure applications.