Hi,
I’m trying out the scheduler in order to decide if I can use it for a project. One question arises: how is it secured against evil data manipulation? My event data is stored in a database, and the scheduler uses posts to insert/update/delete datasets. I think anybody could call the event.php and use the connector in it. I have searched at this forum and in documentation, but found nothing about this topic.
Thanks for any helpful answer.
Server side of scheduler based on Connectors lib
docs.dhtmlx.com/doku.php?id=dhtm … r:security
Basically it has not any access checks by default, but they can be easily added ( and strongly recommended for production ). You can place a line at top of connector file, which will check user access ( by reading some data from the session for example )
While client side can be configured to block some operations, in any case the main security check must be placed in server side code before data saving, because client side code can be altered without significant problems.