Exposing sensitive data to citizens over the web is inherently dangerous and security must be a primary concern when developing citizen account customizations. Please see the chapter Securing Universal Access for more information. We strongly recommend that all public facing applications undergo rigorous security analysis and testing before being deployed. We also recommend that you contact support to discuss unusual customizations that may have specific security issues.
Permission to invoke the server facade methods that serve data to citizen account pages is managed by the standard authorization model. Please see the Cúram Server Developer's Guide for more information. In addition to the standard authorization checks, each facade method that is invoked by a citizen account page must perform the following security checks in order to ensure the user associated with the transaction (the currently logged in user) has permission to access the data they are requesting: