12 Replies Latest reply on Sep 29, 2015 10:58 AM by TSGal

    Just found a nasty security flaw...

    hbrendel

      Since the beginning I've been hiding the status area in all of my solutions. All the functionality that is needed is built into the interface.

      I just found out that on Mac one can simply right-click the title bar and choose 'Customize Toolbar...' And voilà: the status bar appears... and it's going to stay.

      I don't know if it's been like that in earlier versions. I suspect that it is. Probably it's an OS thing, so I doubt that FMI can fix this.

      Now I need to revise all my solutions to add the script step 'Hide Toolbars' to all relevant scripts. I also have to empty the layout menu.

      Don't know how it is on Windows...

        • 1. Re: Just found a nasty security flaw...
          DamianKelly

          All the items in the menu bar call their menu name equivalents, so with a custom menu set you can either hijack the buttons in the toolbars or simply disable them.

          • 2. Re: Just found a nasty security flaw...
            hbrendel

            All my solutions have custom menus, so with an empty layout menu there's technically no harm done. Except that my layouts are ruined... And users can resume paused scripts... and... and...

            None of my clients ever complained, so I suppose it's a hypothetical issue. It's nasty because I designed everything based on the presupposition that the Status Area is NOT visible, NEVER.

            • 3. Re: Just found a nasty security flaw...
              ninja

              A curiosity from a PC user... no Mac readily available...

              I do see that you hide the toolbar. I don't see that you said that it is "locked". Does that change the behavior?

              • 4. Re: Just found a nasty security flaw...
                ninja

                Just mocked it up on a PC... Set the toolbar to Hide and Lock.

                I can't find a way to open it as a user when it is locked.

                If it isn't locked, I can open it from the little button on bottom left.

                When locked, I can get the formatting bar, but not the main Status Toolbar.

                "Customize Status Toolbar" is also greyed out in the "View" dropdown as well.

                Don't know if this helps at all... hopefully it does somehow.

                • 5. Re: Just found a nasty security flaw...
                  DavidJondreau

                  I can confirm the problem that the OP has.

                  On OS X 10.7.5, FMPA 13 v1, I can Hide and Lock, then bring up a context menu with the "Customize Toolbar" option that then shows the toolbar. I cannot easily rehide it (since it's locked and the context menu doesn't have that option).

                  *Though I wouldn't say it's a security flaw. Definitely a bug, but security shouldn't fall under the toolbar's toggled status.

                  • 6. Re: Just found a nasty security flaw...
                    RubenVanDenBoogaard

                    Confirmed here as well on OS X 10.9, FMPA 13v1. I also tried FMPA 12.0v5: there the option 'Customize toolbar' is also present, but it does not show the toolbar.

                    Definitely a security flaw in my book; a user can go to a different layout and alter data in layouts where he should not be able to go.

                    Best regards,

                    Ruben van den Boogaard

                    Infomatics Software

                    ruben@infomatics.nl

                    • 7. Re: Just found a nasty security flaw...
                      hbrendel

                      That's why I decided to make that menu empty.

                      David is right. Not a security flaw any more, since I did that.

                      And... you can hide it again with the contextual menu option 'Hide Toolbar'. Would the user do that?

                      I said earlier that a user could resume a script, but the contextual menu is not available during a script pause.

                      But still: 25 pts of the bottom of the layout has disappeared from view. What if the essential buttons are there? And the zooming of the window is disabled? You could call it poor design, but I name it a pain in the xxx.

                      • 8. Re: Just found a nasty security flaw...
                        Malcolm

                        And... you can hide it again with the contextual menu option 'Hide Toolbar'. Would the user do that?

                        If the toolbar is locked, the hide toolbar command doesn't show the toolbar, nor does it hide the toolbar. FileMaker have that under control. The bug is that they aren't trapping the "Customize Toolbar..." command. It's definitely an OS thing. FMI simply have to ignore the calls to "customize toolbar" when the status bar is locked and hidden.

                        I said earlier that a user could resume a script, but the contextual menu is not available during a script pause.

                        That doesn't matter. Once the toolbar is open it will stay open. The next time a script is paused the button will be accessible. However, that doesn't represent a security problem. The user was always able to press the Enter button to resume actions when the script is paused, and your programming should handle that. Don't we all put our pause steps within a loop that has explicit exit conditions?

                        ... snipped the mangled code...

                        But still: 25 pts of the bottom of the layout has disappeared from view.

                        That drives me nuts too. That is worth a complaint in itself.

                        What if the essential buttons are there?

                        Really? You don't use it as white space?

                        And the zooming of the window is disabled?

                        On my machine, window zooming works with mouse-click and drag and with the green zoom button.

                        You could call it poor design, but I name it a pain in the xxx.

                        Data level security is set in User Account Privileges, and the menu bar commands respect these. If the user is not allowed to delete, the delete button is dimmed; same for all the other commands. So, for those things, the appearance of the toolbar is not problematic.

                        However, there are some things which are outside the scope of data security. A window that has a hidden and locked toolbar prevents the user from navigating to different layouts and prevents the user from navigating between records. Once the toolbar is visible the user has both forms of navigation open to them. I would like Layout navigation and Record navigation locks made accessible to the developer as script steps.

                        Malcolm
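As an added illustration of the "pause inside a loop with explicit exit conditions" pattern Malcolm describes (this is not code from the thread or from any of its posters), the script below pauses to let the user fill in a record, but resuming it with Enter, the toolbar's Continue button or the re-exposed status area only sends control back to the loop's checks, so nothing downstream runs until the condition is actually met. The table and field names (Orders::Customer) and the three-attempt limit are assumed for the example.

```filemaker
# Added example: a guarded pause. The pause itself is not the security control;
# the loop's exit conditions are, so resuming early cannot bypass them.
Show/Hide Toolbars [ Lock ; Hide ]
Set Variable [ $attempts ; Value: 0 ]
Loop
    # Let the user edit the current record while the script waits.
    # Enter, the Continue button, or a re-exposed toolbar all land here.
    Pause/Resume Script [ Indefinitely ]
    Set Variable [ $attempts ; Value: $attempts + 1 ]

    # Explicit exit condition 1: the required field has been filled in.
    Exit Loop If [ not IsEmpty ( Orders::Customer ) ]

    # Explicit exit condition 2: bound the number of retries so the user
    # is never left in an endless pause; discard the incomplete record.
    If [ $attempts ≥ 3 ]
        Revert Record/Request [ With dialog: Off ]
        Exit Script [ Result: "cancelled" ]
    End If

    Show Custom Dialog [ "Customer required" ; "Please pick a customer before continuing." ]
End Loop

# Only reached once exit condition 1 held; the record is safe to commit.
Commit Records/Requests [ With dialog: Off ]
```

Data-level restrictions still belong in the account's privilege set, as Malcolm notes; the loop only protects the script's own flow.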

                        • 9. Re: Just found a nasty security flaw...
                          DavidJondreau

                          Pauses in scripts? I haven't used those since we got modal windows. Now I exit scripts instead of pause, using a modal window whose layout calls a new script.

                          • 10. Re: Just found a nasty security flaw...
                            Mike_Mitchell

                            I would like to point out that, even if the toolbar is hidden, the user can resume a paused script by pressing the "Enter" key.

                            This is really not a good "security" scheme. If you want to lock a user's actions, you shouldn't be relying on them not being able to resume a paused script.

                            • 11. Re: Just found a nasty security flaw...
                              hbrendel

                              We're in FM 14 now. It's still there... Right-clicking in the window title area does not show 'Customize Toolbar...' anymore, but it shows 'Icon and Text', etc. Clicking on those items reopens the (locked) toolbar.

                              I'm just not telling my users...

                              • 12. Re: Just found a nasty security flaw...
                                TSGal

                                hbrendel:

                                Our Development and Testing departments are aware of this issue using FileMaker Pro 14 under Mac OS X. This issue does not occur under Windows. I have attached this thread to the original report. When more information becomes available, I will post again.

                                TSGal

                                FileMaker, Inc.