...
Use Prepared Statements: To prevent SQL injection, use prepared statements. A prepared statement is a precompiled SQL query in which user input is bound as a parameter, so the database treats it as data rather than as part of the executable SQL text.
Use the SQL escape parameter in Hash Variables: If user input reaches a query through a hash variable, add the ?sql escape parameter so that the value is escaped before it is substituted into the query and the server processes it as intended.
For example, in List Builder > Data Store > Database SQL Query:

```sql
SELECT * FROM dir_user WHERE username = '#requestParam.user?sql#'
```
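The following is an added example, not code from the Joget page or product, that shows the three behaviours described above side by side on an in-memory SQLite table: the raw concatenation an unescaped hash variable produces, a prepared statement with a bound parameter, and a string-escaping step that doubles single quotes (an assumption about what a `?sql`-style escape does, not Joget's implementation). The `dir_user` rows and the payloads are constructed for the demonstration. It also shows a case the escape parameter cannot protect: an unquoted numeric comparison.

```python
import sqlite3

# Constructed sample rows standing in for Joget's dir_user table (assumption).
USERS = [(1, "admin"), (2, "alice"), (3, "bob")]


def _db():
    """Fresh in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dir_user (id INTEGER, username TEXT)")
    conn.executemany("INSERT INTO dir_user VALUES (?, ?)", USERS)
    return conn


def lookup_concatenated(user_input):
    """Vulnerable: the value is spliced into the SQL text, which is what an
    unescaped #requestParam.user# substitution amounts to."""
    sql = (f"SELECT username FROM dir_user WHERE username = '{user_input}' "
           "ORDER BY id")
    return [row[0] for row in _db().execute(sql)]


def lookup_prepared(user_input):
    """Safe: prepared statement; the driver sends the value as a bound
    parameter, so quotes in it can never change the query structure."""
    sql = "SELECT username FROM dir_user WHERE username = ? ORDER BY id"
    return [row[0] for row in _db().execute(sql, (user_input,))]


def sql_escape(value):
    """Hypothetical model of a ?sql escape: double every single quote so the
    value stays inside its string literal. Not Joget's own code."""
    return value.replace("'", "''")


def lookup_escaped(user_input):
    """Escaped substitution inside a quoted literal: the payload is neutralised."""
    sql = (f"SELECT username FROM dir_user WHERE username = '{sql_escape(user_input)}' "
           "ORDER BY id")
    return [row[0] for row in _db().execute(sql)]


def lookup_escaped_unquoted(user_input):
    """Escaping protects only quoted literals. With no surrounding quotes there
    is nothing to escape, so 'id = #requestParam.id?sql#' stays injectable."""
    sql = (f"SELECT username FROM dir_user WHERE id = {sql_escape(user_input)} "
           "ORDER BY id")
    return [row[0] for row in _db().execute(sql)]


if __name__ == "__main__":
    string_payload = "x' OR '1'='1"    # constructed injection payload
    numeric_payload = "1 OR 1=1"        # constructed payload for an unquoted context
    print("concatenated:    ", lookup_concatenated(string_payload))    # every user
    print("prepared:        ", lookup_prepared(string_payload))        # []
    print("escaped:         ", lookup_escaped(string_payload))         # []
    print("escaped unquoted:", lookup_escaped_unquoted(numeric_payload))  # every user
```

The last function is the check worth remembering when reviewing a Database SQL Query: the ?sql escape parameter only helps when the hash variable sits inside single quotes. Where the comparison is numeric, validate that the value is actually a number before it reaches the query, or restructure the data source so the value is bound as a parameter.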
...
References:
...
Configure your app and server to use HTTPS, so that data transmitted between the client’s browser and your server, including credentials, session cookies and form submissions, is encrypted in transit.
References:
Keeping your Joget platform up to date is critical for maintaining a secure environment. Joget regularly releases updates to address security vulnerabilities and provide performance improvements. Ensure that you stay up to date with the latest releases and security patches.
References:
Regular data backups are essential for disaster recovery. In the event of a security breach, a recent backup taken before the compromise lets you restore your app’s data to a known-good state.
References:
Implement logging and monitoring mechanisms to track access to sensitive areas of your app. Audit trails allow you to track changes made to forms, processes, and user data, helping to detect any unusual or unauthorized activity.
...
Designing and building a secure app using Joget involves understanding and addressing security concerns at both the front end and the back end. By implementing proper permissions for UI elements, protecting forms, preventing SQL injection, and securing data with encryption, you can safeguard your app and its data. Regular updates and proactive monitoring will help keep your app secure against evolving threats, ensuring a robust, safe, and trustworthy experience for all users.