corsacca
commented
1 year ago By default the api to list out connections should be disabled so the viewer does not have access to all record names in the system.
Open corsacca opened 1 year ago
corsacca
commented
1 year ago By default the api to list out connections should be disabled so the viewer does not have access to all record names in the system.
corsacca
commented
5 months ago Pull Request created. On hold because of security considerations: https://github.com/DiscipleTools/disciple-tools-bulk-magic-link-sender/pull/100
enabling connection fields on magic links opens up a lot of discoverability from a logged out interface.
Discussion. This gives access to all records of the connection type. This is maybe too powerful. If we proceed, we need that to be clearly indicated (on each row where a connection field is used)