You need to sign in to do that
Don't have an account?
Sites user permissions in relation to User object
Thanks in advance. I'm trying to lock down a script I wrote with a bug in it. You can trick my script into outputting a list of users instead of the list it's mean to do.
That problem is fixed, it was a code error I shouldn't have made in the first place, but the question I have now is this.
Is there a way to block the user object from being viewed by a site guest user? It's not listed in permissions, but I can very definately see a list of all users when I exploit my code. I want to disable this access so even if I miss something another time, this particular error can't happen again because of SF protections.
How do I manage the Guest User's ability to view the User table?