Once data from 4D database tables exposed through 4D Mobile is integrated into the Wakanda catalog, you need to restrict access to certain "sensitive" resources.
Unlike with 4D applications, with Web applications you cannot rely on the interface to control the data exposed: for example, just because a field is not displayed in a form does not mean that it is inaccessible to the user. Using HTTP requests and JavaScript, malicious users can potentially obtain any information from an insufficiently protected Web server.
The purpose of this section is not to list every security measure to take with 4D Mobile applications, but to give you pointers for securing the exposed data at a minimum level.
- Protection of 4D Mobile accesses to the 4D database: You must control 4D Mobile (via REST) connection requests. You can use either:
- Control 4D Mobile exposure on the 4D side: Each table, attribute and method can be exposed (or not) through 4D Mobile. Only expose the data and methods that are strictly necessary; for instance, there is no need to expose any unused fields.
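
One way to check the "strictly necessary" rule above is to compare what the catalog exposes against an allowlist of what the front end really uses. The following is an added example, not code from 4D or Wakanda; the catalog JSON shape, the table and attribute names, and the `findOverexposed` helper are assumptions made for illustration.

```javascript
// Constructed sample catalog. The JSON shape (dataClasses[] holding
// attributes[] and methods[] with a "name") is an assumption, not from the page.
const sampleCatalog = {
  dataClasses: [
    { name: "Employee",
      attributes: [{ name: "ID" }, { name: "lastName" }, { name: "salary" }],
      methods: [{ name: "getSummary" }] },
    { name: "AuditLog",
      attributes: [{ name: "ID" }, { name: "entry" }],
      methods: [] }
  ]
};

// Hypothetical allowlist: only what the mobile front end actually uses.
const allowlist = {
  Employee: { attributes: ["ID", "lastName"], methods: ["getSummary"] }
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns one finding per exposed table, attribute or method that is not
// on the allowlist. An empty result means exposure matches the allowlist.
function findOverexposed(catalog, allowed) {
  const findings = [];
  for (const dc of catalog.dataClasses || []) {
    // Own-property check so a table named "constructor" is not silently allowed.
    if (!own(allowed, dc.name)) {
      findings.push({ table: dc.name, kind: "table", name: dc.name });
      continue;
    }
    const rule = allowed[dc.name];
    for (const [kind, listKey] of [["attribute", "attributes"], ["method", "methods"]]) {
      const permitted = new Set(rule[listKey] || []);
      for (const item of dc[listKey] || []) {
        if (!permitted.has(item.name)) {
          findings.push({ table: dc.name, kind, name: item.name });
        }
      }
    }
  }
  return findings;
}

for (const f of findOverexposed(sampleCatalog, allowlist)) {
  console.log(`not on allowlist: ${f.kind} ${f.table === f.name ? f.name : f.table + "." + f.name}`);
}
```

Each finding is a table, attribute or method to un-expose on the 4D side, or to add to the allowlist if the front end turns out to need it.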