i'm trying password protect page contains confidential information.
upon clicking link, user shown pop-up dialog enter password. if successful, redirect user page. otherwise, display "wrong password".
the thing is, can overcome if user copies url , add "/exec#confidentialpage" end of url.
any suggestions?
if @ possible highly discourage implementing own authentication system , instead rely on google login secure data. see https://developers.google.com/appmaker/security/secure-your-app. short recommendation to:
- create google group contains users want access data.
- create role in app maker contains group
- restrict access both data , view members of role.
this more secure password based approach #1 it's implemented google (implementing own auth correctly hard) , #2 have list of has access data in form of google group.
Comments
Post a Comment