dhtmlxConnector is open to external access of other programs and any external user is allowed to change data in database.

Thus, adding some kind of session-based authentication is strongly recommended.

The built-in security manager allows limiting connector to certain operations.

 <!--- blocks Select action --->
<cfset grid.access.deny("read")>
 <!--- blocks Insert action --->
<cfset grid.access.deny("add")>
 <!--- blocks Update action --->
<cfset grid.access.deny("edit")>
 <!--- blocks Delete action --->
<cfset grid.access.deny("delete")>

By default, connector allows all operations.

Back to top