
Authority issue

Posted: Tue Feb 14, 2012 10:24 am
by RMV
Is there a way to not show the url in the browser screen for applications run through Atrium?

There seems to be an authority issue.
From a url displayed such as:
http://1.2.3.4:1010/profoundui/auth/sta ... m_item=104

any user can change 104 to something else and if it's a valid number can call up the program, whether they have authority to the menu option or not.

It appears not having authority only prevents the user from seeing the menu options, but that can easily be bypassed.

Re: Authority issue

Posted: Tue Feb 14, 2012 10:48 am
by Rob
The session controller uses the unique item number (104 in your case), and retrieves the program name to run. Before running the program it first checks to make sure the user has authority to run the program. The program will not be called if the user does not have authority to run it.

So Atrium only displays menu items that a user is allowed to run, and the session controller re-checks the menu item before the program is called. The user is unable to bypass this by changing the item number on the url.
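
The server-side re-check described in the reply above, as an added sketch that is not part of the original posts and is not Profound UI or Atrium code. The menu table, user names and function names are constructed for illustration; the point is that hiding a menu item is only a display filter, and the authority check has to run again when the item number arrives from the browser.

```python
# Added illustration; every name and value below is hypothetical/constructed.
import logging

log = logging.getLogger("session_controller")

# Constructed sample data: menu item number -> program name.
MENU_ITEMS = {104: "ORDENTRY", 105: "PAYROLL", 106: "INVINQ"}
# Constructed sample data: user -> item numbers that user may run.
USER_AUTHORITY = {"CLERK1": {104}, "MANAGER": {104, 105, 106}}


class Denied(Exception):
    """Raised for any request that must not start a program."""


def parse_item(raw):
    """Accept only a plain ASCII decimal item number from the URL."""
    if not isinstance(raw, str) or not (raw.isascii() and raw.isdigit()):
        raise Denied("invalid item")
    if len(raw) > 9:
        raise Denied("invalid item")
    return int(raw)


def visible_menu(user):
    """Menu rendering: hides items, but is a display filter only."""
    allowed = USER_AUTHORITY.get(user, set())
    return sorted(i for i in MENU_ITEMS if i in allowed)


def start_item(user, raw_item, run=lambda program: f"started {program}"):
    """Session controller: resolve the item, re-check authority, then call."""
    item = parse_item(raw_item)
    program = MENU_ITEMS.get(item)
    # Unknown and unauthorized items get the same answer, so the response
    # does not reveal which item numbers are valid.
    if program is None or item not in USER_AUTHORITY.get(user, set()):
        log.warning("denied user=%s item=%s", user, item)
        raise Denied("not authorized")
    return run(program)
```

The `user` argument is assumed to come from the authenticated server-side session, never from the request itself.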

Re: Authority issue

Posted: Tue Feb 14, 2012 10:59 am
by RMV
We are able to bypass it. I can sign on with a userid that only has authority for one program, then change the item number in the url to any other valid item number, and the program runs. It's happening.

Re: Authority issue

Posted: Tue Feb 14, 2012 11:02 am
by Rob
Ah, I checked and there was a problem here. It was corrected last month in version 3.3.0. If you download the latest version this problem will be resolved.
Apologies for the confusion.

Re: Authority issue

Posted: Tue Feb 14, 2012 11:20 am
by RMV
Ok, we are still at 3.1.8. I'll upgrade.
Thank you