Make Uplink Functions Unavailable To Client

david.wylie · March 27, 2019, 3:19pm

Is there any way to create functions in uplink code without wrapping them in

@anvil.server.callable

making them essentially invisible to the client but still usable by server side code?

I might be being oversensitive here, but this particular function is dangerous and I don’t want any possibility for a client to be manipulated to be able to call it. Just makes me nervous…

Am I being unnecessarily paranoid?

owen.campbell · April 1, 2019, 8:48am

I’ve just used a secret as a function parameter when I’ve need to do this. Wrong/missing secret in the arguments raises an exception.

david.wylie · April 1, 2019, 9:09am

Interesting - nice idea, thanks.

shaun · April 1, 2019, 2:23pm

Moving to Feature Requests. It would definitely be an improvement if we made it possible to specify that an anvil.server.callable function was available only to the server code. We’ll add it to our prioritisation process.

@owen.campbell’s approach sounds like a good way of achieving the intended effect in the meantime (thanks Owen).

y.yamazaki · March 22, 2022, 7:24am

Is there any update on this feature request? I also need to avoid clients from accessing an uplink function which handles highly sensitive data.