Apex Code Development You need to sign in to do that
Don't have an account?
Sites user permissions in relation to User object
Thanks in advance. I'm trying to lock down a script I wrote with a bug in it. You can trick my script into outputting a list of users instead of the list it's mean to do.
That problem is fixed, it was a code error I shouldn't have made in the first place, but the question I have now is this.
Is there a way to block the user object from being viewed by a site guest user? It's not listed in permissions, but I can very definately see a list of all users when I exploit my code. I want to disable this access so even if I miss something another time, this particular error can't happen again because of SF protections.
How do I manage the Guest User's ability to view the User table?