Hello everyone,
I have a problem in developing a secure application in 1C platform, version 8.3.15.1534. The problem consists in the fact that, if I publish a configuration through IIS, I receive all kinds of errors from the platform, on the web, when trying to access a somewhat different web address that the intended one (detailed in the pictures). This automatically reflects in bad application security and it is not a very good approach in developing a secure application.In the attached pictures, you'll notice what I meant with a different web address. These errors that the platform returns, can be resourced by bad intended people, in hacking my application.
Another point that I haven't yet managed to figure out, is when accesing a published configuration via a web browser. The last user that logged into the application on the web, will have the username automatically completed (it is stored) on relogging from the same computer. This makes things less feasible when developing a secure application that can be used in an ad-hoc network, for example.
Can someone please help me in publishing a configuration, or installing and configuring the 1C service, that does not allow these kind of 'backdoors' ?
Quick mention. The first image is a valid wsdl, the rest of the images shows the mentioned problems (except the username one which is just explained above).
Thank you,
Lucian Rada.
The 1C:Enterprise developers forum
