BuddySystems Posted December 11, 2002

Am I correct that there is no way to do a -edit URL or Form without including the -RECID for the record you are editing? If this is the case, considering that the recid is a serial number that developers have no control over, isn't it extremely easy to hack a URL and find data for other users?
Steve T. Posted December 13, 2002

As far as I know, you're right about the -recid being required for -edit but I'm not so certain about the ease of hacking a URL... (2 minutes later...) OMG!!! It was easier than I thought... I changed a record's data right through the URL! Of course, I tested it on an unprotected db we're still developing so there's no AP or WSD, but I was still shocked at how easy it was. Ironically, I'm going to use this trick for quick-editing data remotely until we finish the project and initiate security. Thanx for the tip/warning/new tool.
Vaughan Posted December 13, 2002

The RecID is a very slippery number: it is not quite a serial number in that the series of numbers that FMP uses is not continuous -- there is a big break in the middle of the sequence of numbers.
Anatoli Posted December 13, 2002

Use protected chromeless HTML pages by forced frames and no one will be able to fiddle easily with the URL.
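
A log-review sketch for the -recid tampering discussed in this thread, added here as an example and not posted by any participant: it flags clients whose -edit requests range across many record IDs. The Common Log Format lines, addresses, database and field names, and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Common Log Format assumed); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Dec/2002:10:00:01 -0500] "GET /FMPro?-db=contacts.fp5&-format=list.htm&-findall HTTP/1.0" 200 2048
10.0.0.5 - - [13/Dec/2002:10:01:02 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=32&phone=555-0100&-edit HTTP/1.0" 200 812
10.0.0.5 - - [13/Dec/2002:10:03:40 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=32&phone=555-0101&-edit HTTP/1.0" 200 812
10.0.0.9 - - [13/Dec/2002:10:05:00 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=32&phone=x&-edit HTTP/1.0" 200 812
10.0.0.9 - - [13/Dec/2002:10:05:03 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=33&phone=x&-edit HTTP/1.0" 200 812
10.0.0.9 - - [13/Dec/2002:10:05:05 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=34&phone=x&-edit HTTP/1.0" 200 812
10.0.0.9 - - [13/Dec/2002:10:05:08 -0500] "GET /FMPro?-db=contacts.fp5&-format=detail.htm&-recid=35&phone=x&-edit HTTP/1.0" 200 812
"""

# Client address is the first field; the request target sits inside the quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def edits_by_client(log_text):
    """Map client address -> record IDs it sent with -edit, in log order."""
    edits = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # -edit carries no value, so blank values must be kept to see it.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "-edit" not in params:
            continue
        for recid in params.get("-recid", []):
            if recid.isdigit():
                edits[client].append(int(recid))
    return dict(edits)

def flag_recid_walkers(log_text, max_distinct=3):
    """Flag clients that edit many distinct record IDs or step through adjacent ones."""
    flagged = {}
    for client, recids in edits_by_client(log_text).items():
        distinct = sorted(set(recids))
        # IDs are not guaranteed continuous, so adjacency is only one signal.
        adjacent = sum(1 for a, b in zip(distinct, distinct[1:]) if b - a == 1)
        if len(distinct) > max_distinct or adjacent >= 2:
            flagged[client] = distinct
    return flagged

if __name__ == "__main__":
    for client, ids in flag_recid_walkers(SAMPLE_LOG).items():
        print(f"review {client}: -edit sent for record IDs {ids}")
```
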