Versions Compared

Old Version 11

changes.mady.by.user Unknown User (s.wartenberg)

Saved on

compared with

New Version Current

changes.mady.by.user Vincent Jansen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By default shortcuts can be accessed externally via the url (e.q. http://localhost:91/Runtime/server/start/<SHORTCUT_NAME>). When using shortcuts in combination with AQ_StartProject you should be aware that this shortcut can also be accessed externally. To prevent this from happening, you should set the property privateAccess to true. The reason for this is that via the AQ_StartProject, parameters are passed to the shortcut application and are picked up via the AQ_GetRequestParameters service. The AQ_GetRequestParameters does not distinguish on how parameters are send, by the AQ_StartProject service or the end user threw the URL. For more information about passing parameters via the AQ_StartProject, please read AQ_StartProject#Security.

...

AQ_GetRequestParameters

The AQ_GetRequestParameters service is able to retrieve parameters from the URL. You should treat these parameters as "dirty", which means you should validate these parameters before using them.