How to process data on the server side in 1C?

N

Nurasyl Aldan2020-10-05 02:27:55

1C

Nurasyl Aldan, 2020-10-05 02:27:55

Hi all!
I am new to 1C programming.

How on the server side to process incoming data and write to the database?

For example, on the client side, you can do this:

&НаКлиенте
Процедура ПередЗаписью(Отказ, ПараметрыЗаписи)
  Объект.Наименование = СокрЛП(Объект.Наименование); // Это позволяет обрабатывать и записать в базу данных, только обработка происходит на стороне сервера.
КонецПроцедуры

&НаСервере
Процедура ПередЗаписьюНаСервере(Отказ, ТекущийОбъект, ПараметрыЗаписи)
  // Здесь я хочу обрабатывать данные и записывать.

  Объект.Наименование = СокрЛП(Объект.Наименование); // Это ничего не делает, не обновляет поле формы и не внесет изменения в базе данных.
КонецПроцедуры

I'm concerned about the issue of security, server side data processing is safer.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry Kinash, 2020-10-17
@nurasyl

This does nothing, does not update the form field, and does not make changes to the database

It actually updates, but it's useless, since the data from the form attribute named "Object" has already been transferred to the real object, which is available in the BeforeWriteOnServer() procedure under the name "CurrentObject". After the write transaction is completed, the database is read into the props on the form and everything is updated (since, in addition to the server procedures of the form, the object can be changed before writing in the procedures of its object module and in subscriptions to the write event). If you don't have 10 minutes to read a chapter in the tutorial on working with objects, then at least read the description of the procedures used in the Syntax Helper (place the cursor on the name of the procedure and press Ctrl+F1).

I'm concerned about the issue of security, server side data processing is safer.

This is wicked bullshit. If you do not have access rights to the data, then you will not receive them either on the server or on the client. If you have admin rights to the SQL server, then the encryption of the client-server channel and all access restrictions are just zilch.

An experienced programmer can write their own client application for the purpose of hacking

The maximum that your hacker is capable of is to inject code into the 1C web client, but to work with the server, he will still need to have a login / password, and everything he can do from the patched client will still be limited on the server by the settings of rights and profiles security. And if he has the necessary rights, then nothing needs to be patched.

I want to receive data from the client and process it on the server side.

This is how it all happens. On the client, work is done with the visibility / accessibility of form elements and primitive calculations in the spirit of "if you buy 5 pens for 100 rubles, then you will pay 500 rubles."

K

Konstantin Nagibovich, 2020-10-05
@nki

To determine the "place" of code execution, there are OnClient, OnServer, OnServerWithoutContext directives. Understand them and understand how to perform processing on the server.

I'm concerned about the issue of security, server side data processing is safer.

Why did you decide so?

K

Konstantin, 2020-10-05
@fosihas

Safer what...?