11 Replies Latest reply on Apr 12, 2016 12:05 PM by TSGal

    Add FMNET access to built-in Privilege Set doesn't prompt for password

    thornburg

      Product and version

      FMPA 13 & FMPA 14 with FMS13 and FMS14


      OS and version Mac

      OS X 10.10 (client), Windows Server 2012 R2 (Server)


      Description

      Generally, when making changes to anything in the Security dialog, one must enter a valid admin (Full Access) credential in order to exit the dialog & save changes.

       

      If you add or remove "Access via FileMaker Network (fmapp)" to/from one of the built-in privilege sets (such as "[Read-Only Access]"), you can exit the dialog and save the change without being prompted for a password.

       

      Perhaps not a huge deal, since you need Full Access in order to enter the dialog in the first place, but it still seems like a bug.

       

      How to replicate

      Open a file, open the "Manage Security" dialog.

      Add or remove "Access via FileMaker Network" from [Read-Only Access] on the Privilege Sets tab.

      Close the dialog.

      You will not be prompted to enter the Full Access credentials.

       

      I only tested this with hosted files, because I don't really use local files.  I suspect it would work there as well.  Likewise I only tested with FileMaker Pro Advanced, because I don't use the regular Pro client.

       

       

      If this is intended behavior, please explain why it does this--it seems like a security vulnerability (albeit an extremely minor one).

        • 1. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
          TSGal

          thornburg:

           

          Thank you for your post.

           

          At first, I was unable to replicate the issue because I was using the Detailed Setup.  If I switch to the Basic Setup, then I am not prompted the second time.  This occurs for any changes in Manage Security.  For example, activating or deactivating the Guest account.  I tested this with FileMaker Pro Advanced 14.0.4 under Mac OS X 10.10.5, Mac OS X 10.11.2 and Windows 7, both local and hosted files.

           

          I have forwarded your post along with my findings to our Development and Testing departments for review.  When I receive any feedback, I will let you know.

           

          TSGal

          FileMaker, Inc.

          • 2. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
            thornburg

            I am using Detailed Setup, and am not prompted for password for changes to the built in privilege sets [Read-Only Access] or [Data Entry Only].  I didn't try changing [Full Access] (as I don't think you can change that access level).

             

            Activating or deactivating the guest account does prompt me.

             

            My OS version is 10.10.5 and FMPA is 14.04.

            • 3. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
              TSGal

              thornburg:

               

              My apologies.  I see what I was doing incorrectly.  I missed the part about the "Privilege Sets" tab.  I was making the change to "Access via FileMaker Network (fmapp)" after selecting an Account and then editing the Privilege Set.  I can now replicate the issue, and I have updated my notes to Development and Testing.

               

              TSGal

              FileMaker, Inc.

              • 4. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                TSGal

                thornburg:

                 

                My apologies for the late reply.

                 

                Testing says this is intended.  The dialog will only popup if any [Full Access] account is created/modified/deleted, or a non-[Full Access] account is changed to a [Full Access] account.  This will avoid double prompting for the common cases of editing regular user accounts, while also allowing external [Full Access] users to not be given knowledge of a local [Full Access] account just to be able to administer regular user accounts.

                 

                TSGal

                FileMaker, Inc.

                • 5. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                  thornburg

                  I guess if it's intended, that's fine... but based on that text, I don't think that "testing" understands the situation.

                   

                  "The dialog will only popup if"... part is clearly not true.

                   

                  If you make other changes to these accounts (than modifying extended privileges), the dialog will pop up.  If you modify any non-built-in account, it will pop up.

                   

                  Why is this very narrow case (editing extended privileges of either Read Only or Data Entry Only) the only one that doesn't prompt?

                  • 6. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                    TSGal

                    thornburg:

                     

                    I have asked the Tester for clarification.

                     

                    TSGal

                    FileMaker, Inc.

                    • 7. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                      TSGal

                      thornburg:

                       

                      Testing said that the condition here is modifying the [Full Access] account other than the privilege set.  In your case, the extended privilege is not specific to that account but to the privilege set, so there is no prompt.  In your case, as long as the non built-in account is not a [Full Access] account, there is no need to be prompted.

                       

                      TSGal

                      FileMaker, Inc.

                      • 8. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                        thornburg

                        My mistake for saying "account" instead of "privilege set".


                        If that's the case, why does modifying a non-built-in non-Full-Access privilege set in the exact same manner prompt for the password?


                        Why are [Read Only] and [Data Entry Only] privilege sets exempt from prompt on adding FMNET access, while *any* other privilege set prompts for the full access password when the same change is made?


                        Why would you *EVER* want it to be possible to exit the security dialog (saving changes) without being prompted for a password?


                        This is a security hole, not a feature.

                        • 9. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                          TSGal

                          thornburg:

                           

                          My apologies for the late response.

                           

                          You said:

                          > Why would you *EVER* want it to be possible to exit the security dialog (saving changes) without being prompted for a password?

                           

                          Development says this is done by design and it is still to avoid double prompting.  You should always have a password set for the [Full Access] privilege account.  Then, being prompted for the password at the beginning or at the end makes no difference.

                           

                          TSGal

                          FileMaker, Inc.

                          • 10. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                            thornburg

                            No, it's not the same.

                             

                            Prompting on enter is important because we don't want people to be able to open the dialog and look at the permissions unless they are authorized.

                             

                            Prompting on exit is a security feature, because it prevents anyone else from making and saving the changes using my computer.

                             

                            Example:  I open the security dialog to make a change, and someone yells from the next room, "hey, come quick!".  Someone else walks over to my computer, makes a change, and saves it. 

                             

                            This should require the admin password in order to save the change.

                             

                            Yes, I should lock my computer before walking away, but that's no excuse for treating things like this as "intended behavior".


                            I'm also getting tired of hearing "to avoid double prompting" when we are already double prompted in 99% of cases.


                            Right now, I'm fighting with my boss to keep FileMaker as a main development & system tool here.  Responses like this, plus the constant crashing of the web interface in FM14 make my fight *much* harder.


                             

                            If the devs want to tell me it's being added to the "some day when we have spare time (ha ha)" list, that's fine, but don't act like it isn't a bug/defect/poor design.


                            (Not intending to direct this at you, TSGal, you've been very helpful in all our interactions, I'm not trying to shoot the messenger).

                            • 11. Re: Add FMNET access to built-in Privilege Set doesn't prompt for password
                              TSGal

                              thornburg:

                               

                              I have sent your comments back to Testing and Development for review.  When I receive a better explanation, I will let you know.

                               

                              TSGal

                              FileMaker, Inc.