AnsweredAssumed Answered

Security hole in WebDirect

Question asked by MarkusNoser on Feb 4, 2014
Latest reply on Feb 13, 2014 by CamelCase

Summary

Security hole in WebDirect

Product

FileMaker Server

Version

13

Operating system version

Webbrowser

Description of the issue

In the URL of the WebDirect Site, everyone can see which layout is actually shown. With a little guess and try the user can gain access to secret layouts.
In my eyes it is a big security hole.
To use unguessable names for layouts is not a solution.

Steps to reproduce the problem

Stay at version 12 with IWP.

Outcomes