3 Replies Latest reply on Dec 16, 2010 10:58 AM by TSGal

    Security. Server Console : duplicating a script schedule



      Security. Server Console : duplicating a script schedule


      FileMaker Server



      Operating system version

      Mac OS X

      Description of the issue

      This could be seen as a security issue :
      while duplicating a schedule that performs a FileMaker Script, the account name and password are duplicated as well, allowing any administrator that does not have a full access account to the file to have any script performed by the server.

      Steps to reproduce the problem

      create a schedule that perfoms a script (with a valid account/password)
      duplicate the schedule.
      In the new schedule, change the called script.
      You don't have to re-type the password.

      Expected result

      The password should not be duplicated, although I admit it's convenient in most cases.

      Actual result

      The password is duplicated with the schedule.

        • 1. Re: Security. Server Console : duplicating a script schedule


          Thank you for your post.

          If I had a schedule that was password protected, and a user duplicated the schedule, I wouldn't want the password removed from the duplicated schedule.

          Can you discuss this a bit more as to why this should change?  Perhaps a preferences setting?

          FileMaker, Inc.

          • 2. Re: Security. Server Console : duplicating a script schedule


            Let's take the example of a FileMaker consultant installing a FileMaker solution at a customer's, or now with FMSA 11 a super admin delegating administration rights to group administrators.

            In both cases, the 'delegate' has access to the admin console, but may not have full access on the file.

            Now, let's say that the solution is designed in a way that relies on server side scripts. The 'super admin' or 'consultant' can set up a scheduled script using his full access account.

            But anyone with access to the the schedules can now duplicate it and have it perform another script, even without giving the full access credentials.

            Hope I made it more understandable (:unsure:)


            PS : about security, this forum authentication system has some major issues. Sometimes it simply breaks, and when it does, it returns the password in the login field. And in readable format, of course.

            • 3. Re: Security. Server Console : duplicating a script schedule


              Thanks for the explanation, and it does provide a little more information. However, I do think if this was changed, there would be a security issue because other people could duplicate the schedule and make previously unauthorized changes.

              I encourage you to enter this suggestion into our Feature Requests web form at:


              When entering the suggestion, please give a real-life example with a good explanation to why this should change, or explain that this should be an additional setting for the reasons you laid out.  Let Development and Product Management (who read these web entries) discuss the pros and cons of this proposed change.

              FileMaker, Inc.