Hi Guys,

As I'm developing an app, making use of the fmp protocol to invoke other databases, I was left wondering.

I use username/passwords to invoke scripts from another database using the fmp protocol, and if no username/password is specified it asks for one. But, if  the user logging in is known and has the correct password, they could invoke any scripts they have access to in the database they're invoking. Note that I don't expect endusers to specify what script to invoke. I do this using scripts, the end user has no idea they're going from one DB to another.

But it left me wondering. If someone created their own little local database, they can effectively invoke any script (as long as the user they're logging in with has access to invoke scripts using urls) that lives in the database if they know the correct name of the script. I know, it's very unlikely they'll be able to guess the names, or that they'll be able to retrieve a list of script names, but having worked in IT for well over 20 years mostly as a Network Engineer with a lot of security focus, I just can't help but wonder if there's a way for me to control what scripts can be invoked using a url.

I know that the OnWindowFirstOpen always gets invoked if used, and that would be the place I would probably test. But afaik I can't retrieve the script stack, therefore can't check what script gets invoked after the OnWindowFirstOpen script.

Is there a way, in the DB being invoked, to retrieve the script specified in the fmp url? If I can retrieve that script name, I can create a list of scripts that are allowed to be invoked by fmp. I realize I have to be careful when renaming those scripts of course.

Starting in FileMaker® Pro 16, users cannot call scripts using FMPURL unless and until their Privilege Set is explicitly set to allow them to do so.  Look in the Extended Privileges section.

 

 

Steven H. Blackwell

Yeah, but that's an all or nuthin' approach. I like a bit more granular control. Out of all my hundreds of scripts, only a handful are used with the fmp protocol. It makes sense to restrict fmurlscript to only those.

But can I? It can't be done through priviliges, at least not as far as I can see.