It sure LOOKS like a bug…


This topic is 5234 days old. Please don't post here. Open a new topic instead.

Well, take a look at the attached screenshot. I'm developing an IWP interface for our customers and they will need access to the three files shown. "smpl_interface" is the one with all the layouts and scripts, etc. and the other two are basically just dumb data files.

The original issue I'm trying to solve is changing passwords in IWP (via the Reset Password script step) and I discovered that the two data files are not being updated. So, the next time a web user logs on, both data files open, but they open in the default non-IWP enabled guest accounts!!! I can even view data from the web browser through IWP even though these accounts have the "Access via Instant Web Publishing (fmiwp)" checkbox unchecked.

I'm pretty sure this is NOT intended behavior. I would like to see a whole bunch of labels when I log into the system in this situation.

FileMaker Server Advanced version 10.0.2.206 running on Mac OS X Leopard Server 10.5.8.

iwp_privileges.jpg


I'll have to get back to you later on that. It shouldn't be too hard to pull the database files and set up a FMPro host, but I'll have to get organized to do it.

I should clarify that the crazy behavior in my first post happens when the user name / password combo does not match in the data files; in my tests, the files open properly when I ensure that passwords are all correct.


Don't think this is a bug. I could be totally off base; security is not my strongest point.

Your interface file has file references to the data files. When you open the Interface, it opens the datas, attempting to do so with the same credentials.

Regardless of the Extended privileges you've given the data files, the data files will open when referred to by the interface, if you've got a valid account name/pass for the data file.

Which you do. You've named your interface privilege set account name "Guest". That's an account you have in your data files that doesn't require a password.

So, User logs into the Interface file, with Guest/ABC123. The interface file checks its references and attempts to open the Data file, using Guest/ABC123. But since the Guest account doesn't require a password, it opens fine.

Lesson? Don't use Guest as an account name.

Also, changing a password across files is tricky stuff. You've got to trigger a script in each of the data files, but you've got to capture the new password in order to pass it along.


Ahh, but I am not logging in via IWP using the account name "Guest"… I have it grayed out on the screenshot, but that's my email address. All my IWP logins will be email addresses.

The data files are indeed being opened using the account as specified in File Options. In the case of smpl_data, that is "Account Guest" and paygo_data just uses the canned "[Guest]" account. So the rest of your post makes sense to me.

However, I still do think this is a potential security issue, as there may be differing levels of security clearance based on whether you're logging on via the LAN (fmapp) or via the internet at large (fmiwp). In my case, I made the assumption that if a privilege set does not have the IWP extended privilege checked, it cannot be accessed through IWP, period. As evidenced, it sure can.

As for changing user passwords between multiple files, I finally did make that work using the Change Password script step in each file instead of Reset Account Password. I suspect that for some reason, the Reset Account Password script step is incompatible with IWP, at least when multiple files are involved.

So, I'm considering my problems solved for now; I don't anticipate seeing the problem in the screenshot now that I can reliably update passwords across files. :)
