jimhoyt

IWP Browser back button goes to the wrong place - security issue

Discussion created by jimhoyt on Feb 14, 2013
Latest reply on Feb 14, 2013 by BowdenData

Filemaker 12 Server/Advanced on Mac or Windows, using Instant Web Publishing (IWP) for user access.

Any web browser.

 

Clicking the browser back button goes somewhere you've never been. This is a security issue and needs to be addressed.

Filemaker is placing things in the browser history that have no relationship to the data being viewed.

Even if the back button can be controlled so that you are logged out would be better than what it does.

 

Here is the relationship graph:

Back Button Graph.png

 

In the list of families, select one.

Back Button 1.jpg

 

Then select a child.

Back Button 2.png

 

 

In the child's record, click the browser back button.

Back Button 3.png

 

 

You will get this message:

Back Button 4.png

 

 

When you click OK, you get this result!

Back Button 5.png

 

 

In IE, you can see what is going on. For some unknown reason, Filemaker IWP puts a totally unrelated record ID in the history.

So it takes you there instead of back to the previous screen, ( the Family page ).

Back Button 7.png

 

THIS IS A SERIOUS PROBLEM! Consider that this might be a court record and an attorney is looking at one case, and ends up seeing information from another case.

And that is exactly what I am doing in the real application.

 

ANYBODY HAVE AN IDEA?

 

FILEMAKER TECH SUPPORT?

 

Outcomes