This is a fairly general question regarding how securely one can 'lock down' access to a FileMaker solution hosted via WebDirect. If I have a single file, which has been developed for an in-house team to access via FMP, and now we want to add the functionality to allow guest users (WITHOUT authenticating) to access a specific layout, and related table, via WebDirect, in order to make applications for an event, to what lengths do I need to go in order to ensure that the web user cannot find their way to layouts, or more specifically to data, that they shouldn't be allowed access to?


My plan is this:


1) Create a privilege set which only has access to the fields in the "web" table

2) Also only allow the "web" privilege set to edit a single layout

3) Remove all toolbars from the WebDirect layout with a script trigger on layout enter


Anything else I should be doing?


I'd really like to keep this all in a single file, if possible...