UniGui Security Problem
in General
Posted June 22, 2023
UniGui applications sometimes send the session ID in a GET HTTP request.
For example, in Demo/Desktop/Grid-ActionColumn/gaction.dproj, when the app starts, the Chrome Network tab will show:
http://localhost:8077/HandleEvent?IsEvent=1&Obj=O13&Evt=data&_S_ID=uBPn5su9LR10CD0C5AA&_dc=1687432446596&options=1&page=1&start=0&limit=25
I got a comment from my user that this could be a security problem; they recommend that the session ID should be in the POST body instead.
I also notice that almost all "HandleEvent" requests are using POST, except some using GET like this one. I guess that it may come from UniDBGrid.
Please advise what can be a solution for this problem.
Thanks,
Jim Sirikolakarn
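
Added example, not part of the original post and not uniGUI code: a query string is recorded in browser history, server and proxy access logs, and possibly Referer headers, so a useful first step is to list which requests carry `_S_ID` in the URL rather than the body. The script below audits a HAR export from the Chrome Network tab and masks the value before reporting; the sample entries, the session value, and the form-encoded POST body shape are constructed assumptions.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION_PARAM = "_S_ID"  # parameter name as it appears in the URL quoted in the post

# Constructed sample in HAR layout (Chrome DevTools > Network > export HAR).
# Session values and the POST body shape are made up for illustration.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"method": "GET",
    "url": "http://localhost:8077/HandleEvent?IsEvent=1&Obj=O13&Evt=data&_S_ID=EXAMPLEsession0001&page=1"}},
  {"request": {"method": "POST",
    "url": "http://localhost:8077/HandleEvent",
    "postData": {"mimeType": "application/x-www-form-urlencoded",
                 "text": "IsEvent=1&Obj=O13&Evt=click&_S_ID=EXAMPLEsession0001"}}},
  {"request": {"method": "GET", "url": "http://localhost:8077/files/app.css"}}
]}}
""")


def redact_url(url, param=SESSION_PARAM):
    """Return the URL with the session parameter's value masked, safe to log or share."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def audit_har(har, param=SESSION_PARAM):
    """List requests that carry the session id, noting whether it sits in the URL or the body."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        in_url = param in dict(parse_qsl(urlsplit(req["url"]).query))
        body = req.get("postData", {}).get("text", "")
        in_body = param in dict(parse_qsl(body))
        if in_url or in_body:
            where = "url" if in_url else "body"  # URL exposure takes precedence
            findings.append({"method": req["method"], "where": where,
                             "url": redact_url(req["url"])})
    return findings


if __name__ == "__main__":
    for f in audit_har(SAMPLE_HAR):
        flag = "EXPOSED IN URL" if f["where"] == "url" else "ok"
        print(f'{f["method"]:4} {f["where"]:4} {flag:14} {f["url"]}')
```
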