🚨Security
Last updated
Last updated
We can't stress enough the importance of considering security when using Helix tools.
Here are some key points to keep in mind when building Helix applications.
Application security covers a wide range of topics. While it's impossible to document every safeguard, this list provides an overview of the major considerations you should keep in mind.
Remember that your endpoints might be accessed externally, not just through your frontend. Savvy users could intercept these calls and replicate them using tools like curl or Postman, modifying parameters. Ensure your endpoints are well-secured and that you rigorously validate all input data.
When passing entity identifiers in the query string, consider using IdKeys or GUIDs. This approach makes it much harder for someone to guess an identifier.
Do not rely solely on obfuscating entity identifiers for security. Always verify that individuals have the appropriate rights to view or edit the data you are presenting.
Don't use the GET method when you are modifing data. GET's are less secure than other methods as they can be easily initiated from cross-site links.
