More in this section
Forums / Bugs & Issues / 9.6119.0 - Related data field for dynamic content type - no security trimming

9.6119.0 - Related data field for dynamic content type - no security trimming

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
1 posts, 0 answered
  1. Adam
    Adam avatar
    23 posts
    Registered:
    05 Apr 2013
    20 Sep 2016
    Link to this post
    When I create a content type and restrict its permissions (view, create, etc) to a certain role, or set of roles, users not in those roles can still see all of them. Also,  since the related data field is pulling from an api, this seems like a bad security hole. There's nothing preventing users from making those api calls themselves.
1 posts, 0 answered