Scope: managed applications, mobile applications, and ordinary applications.
In the managed application mode, a client application (thin or web client) accesses 1C:Enterprise server through an open HTTP protocol. Third-party applications can therefore call 1C:Enterprise server in exactly the same way as the regular client application does. Malicious users can use this to gain unauthorized access to user data and to attack the server.
1.1. All server procedures and functions that can be called from client code pose a potential security risk. Together they constitute the 1C:Enterprise server API. They usually include the following objects:
- Export procedures and functions located in common modules with the "Server" and "Server call" flags. Such procedures and functions can be called directly from the client.
For more information, see Restrictions on setting the "Server call" flag for common modules.
- All procedures and functions of object form modules with the &AtServer and &AtServerNoContext compilation directives. Such procedures and functions can be called from the client context once the form has been received, even if they are not export ones. This makes it possible to call the code in a context the developer did not anticipate.
For example, the code of the Catalog.Employees.ItemForm form module:

    &AtClient
    Procedure DismissEmployee(Command)
        If DismissalRegistrationDate > PeriodEndClosingDate Then
            RegisterDismissal();
        EndIf;
    EndProcedure

    &AtServer
    Procedure RegisterDismissal()
        ...
    EndProcedure

An example of third-party code that calls the server procedure directly, bypassing the check implemented by the form developer in the DismissEmployee command handler:

    FormParameters = New Structure("Key", SelectedEmployee);
    Form = GetForm("Catalog.Employees.ItemForm", FormParameters);
    Form.RegisterDismissal();

1.2. We do not recommend that server procedures and functions of form modules contain code that implements business logic rather than client/server interaction and form attribute processing.
1.3. Pay special attention to server procedures and functions that use the privileged mode or are placed in common modules with the Privileged flag.
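The following is an added example (it is not code from this page or from 1C) showing how the Catalog.Employees.ItemForm module from 1.1 can be restructured along the lines of 1.1 and 1.2: the server procedure of the form re-validates its own precondition instead of trusting the client-side check, and the business logic moves into the catalog object module, which client code cannot call at all. It assumes a constant PeriodEndClosingDate and a DismissalDate attribute of the Employees catalog; both are assumed metadata, not taken from the page.

```bsl
// Form module Catalog.Employees.ItemForm (hardened variant; added example).
// Assumed metadata: constant PeriodEndClosingDate, catalog attribute DismissalDate.

&AtClient
Procedure DismissEmployee(Command)
	// The client-side check is kept only for a quick response to the user.
	// It is not a security boundary: any client code can call RegisterDismissal().
	If DismissalRegistrationDate > PeriodEndClosingDate Then
		RegisterDismissal();
	Else
		ShowMessageBox(, "The dismissal date falls into a closed period.");
	EndIf;
EndProcedure

&AtServer
Procedure RegisterDismissal()
	// Reachable from any client that obtained the form, so it re-checks the
	// closing date from a server-side source rather than from a form attribute.
	ClosingDate = Constants.PeriodEndClosingDate.Get(); // assumed constant
	If DismissalRegistrationDate <= ClosingDate Then
		Raise "The dismissal date falls into a closed period.";
	EndIf;
	// Only client/server interaction stays here; the business logic is in the object module.
	EmployeeObject = FormAttributeToValue("Object");
	EmployeeObject.RegisterDismissal(DismissalRegistrationDate);
	ValueToFormAttribute(EmployeeObject, "Object");
EndProcedure

// ---------------------------------------------------------------------------
// Object module of the Employees catalog (added example). Procedures here are
// not part of the server API: client code cannot call them directly.

Procedure RegisterDismissal(NewDismissalDate) Export
	// The same rule is enforced here, so it holds for every caller of the
	// object module, not only for the form.
	If NewDismissalDate <= Constants.PeriodEndClosingDate.Get() Then
		Raise "The dismissal date falls into a closed period.";
	EndIf;
	DismissalDate = NewDismissalDate; // assumed catalog attribute
	Write();                          // rights to modify the catalog are checked by the platform on write
EndProcedure
```

With this layout, the third-party call Form.RegisterDismissal() from the example above still reaches the server procedure, but it no longer bypasses the period check, because the check is performed on the server against a value the client cannot alter.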
2. Any configuration features that execute external code or arbitrary query text on the server, where that code or text is not part of the application itself, are insecure.
External reports and data processors, COM objects, and external components are also hazardous. In particular, code of external data processors can directly access all common modules without the "Server call" flag, object modules and configuration object managers, and can attempt to switch to the privileged mode.
Such features can harm the server through incorrect or malicious code: data corruption or data theft, hangs or termination of working processes due to infinite loops, memory leaks, resource-intensive operations and queries, and so on.
For more information, see Restrictions on execution of "external" code.
3. The client application (thin client or web browser) does not guarantee security of data transferred to the client side. This data can be easily intercepted and read by malicious software installed on the client computer.
Server procedures and functions must return only final calculation results to the form. Avoid transferring initial or intermediate data to the form: such data might reveal incidental, possibly confidential, business process information.
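As an added illustration of item 3 (example code, not from this page or from 1C), below are two &AtServerNoContext functions a form might call to decide whether a customer qualifies for a discount. The first sends the customer's whole sales history to the client, where it can be read by anything running on that machine; the second performs the calculation on the server and returns only the final Boolean. The accumulation register Sales (with dimension Customer and resource Amount) and the constant DiscountThreshold are assumed metadata.

```bsl
// Weak variant (added example): the entire sales history leaves the server.
// Assumed metadata: accumulation register Sales with dimension Customer and resource Amount.
&AtServerNoContext
Function CustomerSalesHistory(Customer)
	Query = New Query;
	Query.Text =
		"SELECT
		|	SalesTurnovers.Period,
		|	SalesTurnovers.AmountTurnover
		|FROM
		|	AccumulationRegister.Sales.Turnovers(, , Month, Customer = &Customer) AS SalesTurnovers";
	Query.SetParameter("Customer", Customer);
	// The value table with every monthly amount is serialized to the client.
	Return Query.Execute().Unload();
EndFunction

// Hardened variant (added example): only the final answer leaves the server.
// The threshold is read from an assumed constant, not received from the client.
&AtServerNoContext
Function DiscountAvailable(Customer)
	Threshold = Constants.DiscountThreshold.Get(); // assumed constant
	Query = New Query;
	Query.Text =
		"SELECT
		|	SUM(SalesTurnovers.AmountTurnover) AS Total
		|FROM
		|	AccumulationRegister.Sales.Turnovers(, , , Customer = &Customer) AS SalesTurnovers";
	Query.SetParameter("Customer", Customer);
	Selection = Query.Execute().Select();
	If Selection.Next() And Selection.Total <> Null Then
		Return Selection.Total >= Threshold;
	EndIf;
	Return False;
EndFunction
```

The client code calls DiscountAvailable(Customer) and receives a single True or False; the per-period amounts and the threshold itself never cross the client/server boundary.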