Pages

Security:

The below 2 statements were  found interesting to me while I was reading the pega LSA course 

"Obfuscation of URLs is not a guarantee that an attacker will never find way to form a URL "

"Obscurity is not security"


bottom-line is , define the  authorization policy that explicitly prevents the unauthorized access. 

-------------------------------------------------------------------------------------------------------------------


Security: Reports and attachments

How to define the Authorization policy for the delegated customer created reports?