1 Reply Latest reply on Sep 21, 2011 10:11 AM by philmodjunk

    Potential password reset security issue



      Potential password reset security issue


      FileMaker Pro



      Operating system version

      Windows XP

      Description of the issue

      Cannot delegate account administration authority without creating potential security risk.

      I want to reserve [Full Access] privileges for the database creator and delegate account management to an administration or coordinator account that has less than full access rights.  Setting up a script to use contact information contained in database records and scripts to create/enable/disable accounts and reset passwords requires allowing administrator account to execute script with full access rights.  Built in error checking prevents disabling the [Full Access] privilege account, but does not prevent resetting the full access account password.  I cannot find a way for the script to check the privilege set (of other user account) prior to resetting the password.  The administrator can therefore reset the full access account password and then log in using that account.