Skip to main content

 

 

 

Template:OutSystems/Documentation_KB/Breadcrumb_New_Layout

 

 

Template:OutSystems/OSLanguageSwitcher

 

 

 

OutSystems

Protecting OutSystems Apps From Authentication Vulnerabilities

Authentication is the way your users let your application know who they are. When vulnerable, your application can take actions or show information to someone who shouldn't be allowed to have access.

Generally, these vulnerabilities allow someone to easily fool the system. The system can accept that they are an accredited user without needing to provide actual proof.

How to do it with OutSystems Platform

The recommended strategy is that you always use an HTTPS channel.

Specifically for the following use cases, the corresponding actions are recommended:

Use case Actions
Send sensitive information in clear text Use HTTPS, enable HSTS (see Enforce HTTPS Security)
Send session ID in clear text Use HTTPS, enable HSTS (see Enforce HTTPS Security)