How to tighten up Web security

Chong-ho (Alex) Yu, Ph.D., MCSE, CNE

Problem:

What should I do to tighten up Web security for FMP?

Solution:

Your first line of defense is to use Web security instead of File sharing security. However, if you accept the default settings of Web security in FMP 4.x, this approach will not work at all. As shown in the following figure, the default Web Security configuration opens all databases to all users with all types of permission. The first thing you should do is to delete this record in the Web security database (FMP 5.0 does not have this problem).

Second, you should be careful about granting the right of "deleting records" to users. For example, some users may be granted the right to delete certain records only. When displaying records that the user should not be able to erase, the Web master may hide the "delete" button. However, in the URL box of the browser, the user can replace "find" in the query string with "delete." If he has the permission to "delete," it will work even though there is no "delete" button to press.

The workaround is either to remove this right from the users or to divide sensitive and non-sensitive records into different databases.
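To check whether a hidden "delete" button has already been bypassed this way, the access log can be audited for delete requests against databases whose pages never offer deletion. The following is an added example, not part of the original page; it assumes a Common Log Format access log and request URLs of the form /FMPro?-db=...&-recid=...&-delete, and the database names, log lines and allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not taken from a real server).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2001:10:01:02 -0700] "GET /FMPro?-db=staff.fp5&-format=list.htm&-recid=12&-find HTTP/1.0" 200 2310
10.0.0.5 - alice [12/Mar/2001:10:01:40 -0700] "GET /FMPro?-db=staff.fp5&-format=list.htm&-recid=12&-delete HTTP/1.0" 200 512
10.0.0.9 - bob [12/Mar/2001:10:05:11 -0700] "GET /FMPro?-db=notes.fp5&-format=list.htm&-recid=3&-Delete HTTP/1.0" 200 498
10.0.0.7 - carol [12/Mar/2001:10:07:00 -0700] "POST /FMPro HTTP/1.0" 200 120
"""

# Assumption: databases whose Web pages legitimately show a delete button.
# A delete request against any other database did not come from a button.
DELETE_EXPECTED = {"notes.fp5"}

# host, ident (ignored), user, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def audit(log_text, delete_expected=DELETE_EXPECTED):
    """Return (time, user, host, db, recid, status) for each unexpected delete."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        host, user, when, _method, target, status = m.groups()
        # Action tags such as -find or -delete carry no value, so blank
        # values must be kept; tag names are compared case-insensitively.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        params = {k.lower(): v[0] for k, v in query.items()}
        if "-delete" not in params:
            continue  # POST bodies are not logged, so only URL actions are visible
        db = params.get("-db", "?")
        if db.lower() not in delete_expected:
            findings.append((when, user, host, db, params.get("-recid", "?"), status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("unexpected delete:", *finding)
```

A status of 200 only shows that a page was returned, so each finding still has to be checked against the database itself.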

Third, once a user logs in to a database via a Web browser, the browser remembers the user until he/she quits the browser. If the user does not close the browser, another person who gains access to the computer can continue the session left by the previous user. Hence, it is advisable to insert a close-window script into the "submit" button, as follows:

<INPUT TYPE="submit" NAME="-Edit" VALUE="Submit" onclick="window.close()">

When the user clicks on the "submit" button, he/she would be prompted to close the browser and thus the next user (if any) will not gain access to the database.

[Figure: close web browser]

