Is there a way to Disable Chrome/Edge/Firefox Developer Tools for Perspective pages. The concern is that if we are using component level security, some information might become available through the developer tools.
No. The browser belongs to the user. If you don't want data exposed, don't send it to the browser in the first place.
1 Like
Could you elaborate on your concerns?
Say for example, there is a URL on a view that should only be visible for user with appropriate credentials. Is there a way that the URL get exposed under the Developer Tools.
Even if they knew the URL, but they don't have the proper permissions, they won't be able to access it. Of course, this is assuming you properly setup security.
Crafting a URL based on secure information is a bad idea in general. As @andrews has already suggested, the "secure" way to manage something like this is to create a URL which directs to a resource on which you've properly applied Security Settings (right-click the View node in the Project Browser and select "Security Settings").
That being said, there are times when you might need to parameterize a URL with some value - perhaps you want to to something like this where you parameterize the page with the employee ID of another employee:
my.gateway.local:8043/data/perspective/client/MyProj/administration?employeeId=b1cb353d-bb7d-4aa7-a364-ba4612e8f2cb
That URL would indeed be visible in the DOM, but you should be applying security to how that employeeId is supplied, by most likely hashing the employeeId value and unhashing the parameter of the Page which uses it.
1 Like