1 Reply Latest reply on Feb 16, 2016 12:56 PM by Mike Duncan

    Global variables and Web Direct

    DavidJondreau

      There has been some discussion about the security/user management implications around global variables and FMP. Global variables can be changed in the Data Viewer under some circumstances. I understand fully that security must be dealt with in Manage Security...

       

      However, there are gray areas. I'd strongly prefer if some employees didn't see the records that belong to other employees. I'd like to prevent that. If ambitious employee, that already has access to the file, was able to figure a way out to see records they're not supposed to, it wouldn't be the end of the world. But I'd like to limit that. I would avoid using global variables in this case, if they were accessing via FMP.

       

      But if users are accessing via WebDirect, does the same concern about global variables being weak hold?

        • 1. Re: Global variables and Web Direct
          Mike Duncan

          In webdirect, all global fields and variables are maintained in a server side session. There is no way to monitor global variables without access via FMP at all, so I do not see how the same level of concern would apply.

           

          If someone has enough access to your server to snoop on those, wherever those might be, then I think you have much bigger problems than someone snooping on global variables