Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SECURITY HOLE IN WC

timmy
in Other Internet Technologies

Featured Replies

This is a follow up to the thread:

http://www.fmforums.com/threads/showflat.php?Cat=&Board=UBB21&Number=19032&page=&view=&sb=&o=&vc=1

I'm writing this question here because i think the other thread was way out of my league. I'm looking for a dumbed down version.

Basically this is my understanding of the situation. If someone has access to your database, they can very easily view all the data in all of the fields in all of the records.

My situation is as follows:

I have many databases running which are accessed by many people who log in with usernames and passwords. I trust these people, so i'm not too worried about them "hacking" into other areas of the website. Also, i have a database running that anyone in the world can hit without a login or password. This database contains no sensitive data, so I dont care what people look at.

I believe that the problems with web security discussed in the other thread do not matter to me under these circumstances. People with passwords can be trusted not to "hack" the sensitive databases. No one without a password has access to the sensitive databases. Everyone has access to the public database, and I dont mind if people hack it, because the data is all there anyway.

Am i correct in thinking this?

thanks,

Tim.

RE: No one without a password has access to the sensitive databases.

Probably everyone has access to those databases. Give us URL and we will try.

I do believe people here will not try to destroy something or gain advantage. Definitely not me.

If you use Exact search and good password logic, it will be more secure, but hard to work with that db.

We developed Security Filter for our Windows server and we are probably 99% protected, maybe even 100%.

Yes, Timmy you are very close to correct.

Are you using the 'Web Security' database? This is quite good, however not the best tool to work with. It also does not do record security; even though a paper about this exists on the FM web-site.

The tool Anatoli has should also be very good. It will protect against any weak points of the 'Web Security' database.

Good Luck

Garry

Create an account or sign in to comment

https://fmforums.com/topic/9888-security-hole-in-wc/
Go to topic listing

Similar Content

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.