In working with my Tech Service Desk team, we have uncovered a concern and want to know if there will be a fix for this. It was discovered that some saved links were not working and the version of the application was older. On further investigation, it was seen that they were saving a URL that had version descriptions/identifiers.
By removing this, the application synched with the most recent version. Problem solved.
However, when taking this parameter of versions#, and adding it, the user was now able to move through each version without any problems. In some cases (and I can now understand why it is happening), a particular saved version by the user has some fields pointing to a different column, causing bad data to be saved.
I don't know how to emphasize this any further, but the Application can NOT be used in this state.
This is a serious compromise that my CISO will not let us continue and I am looking for help to better understand what is being done to correct this ASAP.
&version=#.###### Add this to your URL. This is a common security hack that was recognized as a significant problem from 2000 to 2010, and finally best practices were to test for this security issue.
In my instance, the users did not mean to save the link with the Version. It happened somehow and we had to figure out why updates were not going to them.
My comment here is this is a severe security breach as a tool unfortunately that needs to be fixed.
Understood. At the very least you should submit your findings to AppSheet Support.
However, I am trying to inject older version numbers into an app URL and cannot seem to force the app to the specified version for myself or any virtual user I have established. The user has, so far, been directed to the proper version.
Maybe you have found a gap? But then we will need more specific details on how you and your users are accomplishing access to the old app version.
However, we were able to demonstrate different features showing up. Mostly it is noticeable when the column numbers change and the error will message out inconsistent columns which breaks the app entirely.
When looking at error messages in the logs it shows the different version numbers. We have cleared the cache with no effect. They can increment through the versions to see different versions that I had never launched/released for them to use (i.e. taking advantage of the "Stable" version release).
Currently I have about 10 different apps, used by about 30 different users. Some apps are used daily by about 18 users. I have tested 3 of these, and all produce the same results (I being the administrator). Only 1, the most used, was tested by non-administrators, just general users.
I have however seen a number of log errors recorded with different users, with different version numbers. These are likely saved links with the version in the URL.
Something I have only recently realized is that there is a difference between a Sync and data updates. A user must manually tap Sync to get version updates.
Obviously, this is an Enterprise level account. I'll try the version injection on similar apps I have access to. I have a vested interest for my clients.
Double checked with my team. We were able to go back to various versions to a point where I implemented a security solution to avoid access to specific data, i.e. use security filtering and user record data. As a result, this user had the current version where they could not see the data, then with the older version before this, they could then open and see ALL data that they should not be able to see. I am trying to work with AppSheet Support on this.
Also, opened a completely different app by the user, that was not flagged as a problem. Added the session ID and the ability to access old functions (or loss thereof).
I spent some time testing this on an Enterprise app for which I am a co-author. I cannot reproduce the issue. I've tried with a couple of different accounts with different app access - Edit versus User. Attempts to inject an old version always bring me back to the correct expected version - whether I start with the Editor browser link or copy a deep link within the app. See images below for only some of the attempts I've made.
I believe you have found an issue. We just haven't found the root cause - an AppSheet issue or something else.
It's the same.
Could you share some screenshots similar to the ones @WillowMobileSys sent? This will help the AppSheet Team troubleshoot the problem.
I think 2 of the 3 screenshots @WillowMobileSys shared did not use the Ampersand. The images I shared above have the URL. If you wish for more screen captures I can provide them. I have sat with 3 staff members in the office to go over their computers and was able to reproduce the problem. It might be related to our environment, but it is multiple different Apps, different data sources.
This is a standard user (MAC in this instance). First capture is the current version with a single data element related to the user. The second screenshot is moving back to a version that pre-dates the release of adding the security feature to allow the user to only see their department.