Hi All,
I've started using AJAX for a few specific purposes in editing specific fields in SugarCRM. My SugarCRM system is inside the firewall, so I've just hard-coded table updates. But this quickly becomes a huge security hole, especially for installations on hosted internet servers.
I've seen several topics in the Forum with people proposing more broad use of AJAX for editing all fields. More generally, I have seen many questions about being able to include SugarCRM files and access global variables from outside the context of SugarCRM. It's easy when you're modifying SugarCRM code or writing a logic hook.
So I'd like to get a better understanding of SugarCRM authentication in different contexts including AJAX. I'd also like to get a better understanding of the different contexts that exist, that is, the different ways to write PHP pages that can access SugarCRM data and code variables.
I have not previously paid much attention to this, so this could be a solved issue, but I don't recall any posts saying that. I've also resisted learning SOAP up to this point and this may be solved there.
Is this already covered in the Wiki or Developer's Guide or by the SOAP API?
Is the community that is using AJAX also within the firewall or are you building authentication into your AJAX PHP pages?
What's the right way to write a PHP page called by AJAX so that it ties into SugarCRM authentication before accessing critical data?
I think a discussion of this topic would be valuable given the increasing volume of code getting posted that may get propagated to users with different assumptions and start causing pain.
Phil

