OutSystems

Protecting OutSystems Apps From Authentication Vulnerabilities

    Authentication is the way your users let your application know who they are. When authentication is vulnerable, your application can take actions for, or show information to, someone who shouldn't have access.

    Generally, these vulnerabilities let someone fool the system into accepting them as an accredited user without providing actual proof.

    How to do it with OutSystems Platform

    The recommended strategy is to always use an HTTPS channel.

    Specifically for the following use cases, the corresponding actions are recommended:

    Use case                                  | Actions
    Send sensitive information in clear text  | Use HTTPS, enable HSTS (see Enforce HTTPS Security)
    Send session ID in clear text             | Use HTTPS, enable HSTS (see Enforce HTTPS Security)
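
A way to check both use cases from the table against a response's headers, as an added example that is not OutSystems code. It goes one step beyond the table by also checking the Secure attribute on cookies, which keeps a session ID off clear-text requests. The cookie name, header values and the one-year max-age threshold are assumptions constructed for this example.

```python
import re

MIN_MAX_AGE = 31536000  # one year; threshold assumed for this example

# Constructed sample headers (not captured from a real application).
GOOD = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
]
WEAK = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
]


def audit_headers(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    over_https = url.lower().startswith("https://")
    if not over_https:
        findings.append("response served over clear-text HTTP")
    # Browsers ignore HSTS received over plain HTTP, so only judge it on HTTPS.
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if over_https and not hsts:
        findings.append("HSTS header missing")
    elif over_https:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not m:
            findings.append("HSTS header has no max-age")
        elif int(m.group(1)) < MIN_MAX_AGE:
            findings.append("HSTS max-age below %d" % MIN_MAX_AGE)
    # A cookie without Secure is also sent on http:// requests.
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure attribute" % name)
    return findings


if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_headers("https://app.example.com/", hdrs))
```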