-Edit & -Recid

BuddySystems · December 11, 2002

Am I correct that there is no way to do a -edit URL or Form without including the -RECID for the record you are editing?

If this is the case, considering that the recid is a serial number that developers have no control over, isn't it extremely easy to hack a URL and find data for other users?

Steve T. · December 13, 2002

As far as I know, you're right about the -recid being required for -edit but I'm not so certain about the ease of hacking a URL...

(2 minutes later...)

OMG!!! It was easier than I thought... I changed a record's data right through the URL! Of course, I tested it on an unprotected db we're still developing so there's no AP or WSD, but I was till shocked at how easy it was. Ironically, I'm going to use this trick for quick-editing data remotely until we finish the project and initate security. Thanx for the tip/warning/new tool.

Vaughan · December 13, 2002

The RecID is a very slippery number: it is not quite a serial number in that the series of numbers that FMP uses is not continuous -- there is a big break in the middle of the sequence of numbers.

Anatoli · December 13, 2002

Use protected chromeless HTML pages by forced frames and no one will be able to fiddle easily with URL

Sign In

-Edit & -Recid

Recommended Posts

BuddySystems

Steve T.

Vaughan

Anatoli

Create an account or sign in to comment

Create an account

Sign in

Similar Content

FMP 11 Advanced: Password protect individual records?

Image in Web Viewer won't show up in IWP

Instant Web Publishing Auto-Login + Passing Variable

IWP URL - editing the page that says "Check the URL you are using to access FileMaker WebDirect"

SuperContainer suddenly not worlking in IWP, FMPA 12

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information