1 Reply Latest reply on Aug 21, 2015 10:36 AM by TSGal

    No login requested when direct url to my webdirect database - opens with full admin rights

    pcmedic

      Summary

      No login requested when direct url to my webdirect database - opens with full admin rights

      Product

      FileMaker Server

      Version

      14

      Operating system version

      Windows Server Data Center Editon

      Description of the issue

      opening a my database (created in FM Pro 14, hosted with FM Pro Server Windows) in a browser using Webdirect, it was not asking me to log in and taking me direct to my database with full admin rights. Closing the tab or window and then trying again, same result. Usually, it would prompt me to log in.

      Steps to reproduce the problem

      At first I suspected my password was cached in my browser (Chrome), so I tested the direct url to my database in Safari that had all history/cache cleared, same result, immediate access and not prompted to enter a password. I tested on another PC, same result. Access was provided at admin level. I replicated this in firefox. I double checked the security settings, guest was disabled, users assigned access all have passwords. I restarted my server and still no luck.

      Expected result

      Webdirect would request a password to be entered each time a new tab or window is opened and I click a short cut (or type in) the direct url to the database, for example 192.168.1.100/fmi/webd#database

      Actual result

      No password requested, immediately opens the database with full admin rights.

      Exact text of any error message(s) that appear

      No error message.

      Configuration information

      Hosting the database in the Google Compute Engine in a VM Instance running Windows Server Datacenter Edition.

      Workaround

      I changed my admin user password and that was what fixed the problem. After changing the password I tested all the above browsers and every time I was prompted to enter a password, therefore once again secure. This is a major issue and I am extremely worried it will happen when I make my database live in my business providing employees access to information they shouldn't have access to. Please investigate as a high priority.