AnsweredAssumed Answered

Privilege Set - Available Menu: Minimum does not disable View go to layout in fmwebdirect

Question asked by DavidThomas_2 on Jan 12, 2014
Latest reply on Jan 14, 2014 by TSGal

Summary

Privilege Set - Available Menu: Minimum does not disable View go to layout in fmwebdirect

Product

FileMaker Server

Version

13.0.1

Operating system version

Windows Server 2008 R2 SP1

Description of the issue

Users using fmwebdirect are able to select any layout, even though minimum menu option chosen in Edit priv set.

Go to Layout is not disabled with either minimum or editing only.

There seam to be bug with disabling hierarchical menus as the Record Goto menu is also not greyed out.

Behavior is correct in Filemaker Advanced 13 and Filemaker Go 13

Steps to reproduce the problem

Set up a priv set with Available menu commands: minimum.

Hide toolbar script

Enable fmwebdirect on database extended privileges

using your favorite web browser (ie Chrome,Firefox etc) goto database.

Goto View menu go to Layout and choose any layout.

Expected result

Should be disabled as per other clients.

Actual result

Fatal security hole allowing users to jump to any layout they choose.

Exact text of any error message(s) that appear

No error message

Workaround

none - beside disable web access to the database

2014-01-13_115248.png

Outcomes