Meet other GoodData developers. Search our knowledge base. Attend live events.

GoodData

image.png

Hello everyone, everything good?

We are facing a security issue, infringing the data protection, where, through the cookie, the user can access other Workspaces because the GoodData admin user and password are fixed in the code.
We need to make sure that a user can only log in to their workspace.
Is there a way to assign or create a parameter when this user logs in so that he only accesses his Workspace based on the sdk that exists?
From the backend, we are using the code as shown in the figure below. Could you kindly help me?

Hi Douglas, I am a bit confused by your code. First issue is that you are mixing GoodData.UI versions 7 and 8: the `@gooddata/gooddata-js` is part of the version 7, the rest are version 8. Please use `@gooddata/api-client-bear` instead of the `@gooddata/gooddata-js` .

I agree that having the credentials hardcoded in the code is not safe, you should not do that, check how we handle it in <https://github.com/gooddata/gooddata-create-gooddata-react-app/blob/master/bootstrap/src/contexts/Auth/backend.ts|our application template>. For local development you can still use the `FixedLoginAndPasswordAuthProvider` with the values coming from your `process.env` but for production uses this is not safe.

Thanks for the reply <@U024Q0WD6VA>! We will verify the information you have sent us.