Security considerations for user interface
This page covers security considerations to keep in mind while developing the user interface of an application.
Common mistakes
- Hiding fields by using sections
Fields can be put on sections that are hidden from (some) users. Those users are unable to see the field in this layout. Be aware that as long as no read permission has been set for this field, the user can still view this field through other means. They can for instance:
1. Export the content of the 'hidden' field.
2. Get the content of the 'hidden' field through the REST-API, if this is configured.
3. Search on this field if it is a secondary search field.
In short, always configure read permissions properly. Never use sections to handle permissions.
- Hiding fields using a class template
In case a class template is used to represent data, some fields can be omitted from the template. Users who view this template will not be able to see the contents of these fields. This is not a proper substitute for configuring read permissions. See point 1 (hiding fields by using sections) for the possible ways users can circumvent this omission.
- Hiding fields using CSS
Never do this!
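The difference between hiding a field in the layout and setting a read permission, as an added example that is not part of the original page or the platform's own code. It is a hypothetical in-memory model: `Field`, `HIDDEN_SECTION`, `exposure` and all other names and sample data are assumptions made for illustration.

```python
# Added illustration: hypothetical in-memory model, not the platform's API.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Field:
    name: str
    read_groups: Optional[frozenset] = None  # None = no read permission configured
    secondary_search: bool = False

# Constructed sample schema, data and layout.
FIELDS = {n: Field(n, secondary_search=True) for n in ("name", "salary")}
RECORDS = [{"name": "Alice", "salary": "5200"}, {"name": "Bob", "salary": "4100"}]
HIDDEN_SECTION = {"employee": {"salary"}}  # section hidden for this group (layout only)

def readable(group):
    # Central read-permission check shared by every access path.
    return [f for f in FIELDS.values()
            if f.read_groups is None or group in f.read_groups]

def render_layout(record, group):
    # Screen view: read permissions first, then fields on hidden sections are dropped.
    hidden = HIDDEN_SECTION.get(group, set())
    return {f.name: record[f.name] for f in readable(group) if f.name not in hidden}

def export(group):
    # Export ignores the layout; only read permissions limit it.
    return [{f.name: r[f.name] for f in readable(group)} for r in RECORDS]

def rest_get(index, group):
    # REST read of one record, equally independent of the layout.
    return {f.name: RECORDS[index][f.name] for f in readable(group)}

def search(term, group):
    # Matches on secondary search fields the group may read; returns record names.
    fields = [f for f in readable(group) if f.secondary_search]
    return [r["name"] for r in RECORDS if any(term in r[f.name] for f in fields)]

def set_read_permission(field_name, groups):
    FIELDS[field_name].read_groups = frozenset(groups)

def exposure(group):
    # Which access paths reveal Alice's salary to this group?
    return {"layout": "salary" in render_layout(RECORDS[0], group),
            "export": "salary" in export(group)[0],
            "rest": "salary" in rest_get(0, group),
            "search": search("5200", group) == ["Alice"]}
```

Calling `exposure("employee")` before and after `set_read_permission("salary", {"hr"})` shows that only the read permission closes the export, REST and search paths; the hidden section affects the layout alone.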