Passing command through URL?

Steve Railsback · April 15, 2005

Greetings all

We're running FM 6 to publish a database online of student clubs. I learned today that we've been hacked. We think someone is passing add new record commands through the URL. Is this possible and can it be blocked?

Thanks!

-steve

Garry Claridge · April 16, 2005

A new record can be created with a "-new" in the URL with something like this:

http://myaddress/FMPro?-dbname=mydb.fp5&-format=-raw&-new

You can use the "Web Security" database to protect against this. Or, you could use PHP to "hide" the database.

All the best.

Garry

Sign In

Passing command through URL?

Recommended Posts

Steve Railsback

Garry Claridge

Create an account or sign in to comment

Create an account

Sign in

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information