AnsweredAssumed Answered

Security Issue with Linked Files

Question asked by DavidLake on Feb 27, 2012
Latest reply on Feb 29, 2012 by DavidLake

Title

Security Issue with Linked Files

Post

I ran into something new today after 20 years of using FMP.

I have a remotely hosted solution with multiple tables.  Security profile of "User" allows for no deletes in any table and no new records.  I trigger either of these events with a script set to run with full permissions.  All of the other r/w permissions are pretty open. 

Basically my business rules are built into scripts and the table/data layer is generally free from profile level limits.  I also use the field controls on the layout to permit/protect fields from edit.

I have an advanced user who created his own database on his local machine, and linked to my hosted solution using his "User" profile.  He then created layouts in his new file using the fields from the ::hosted solution where he could then change the values of nearly any field in any of the hosted tables.

Effectively this bypassed my business rules/scripts and layout level access/locks on entering fields.

Can this "linking" be easily prohibited?

David

Outcomes