This may give you enough detail in the recover report to locate what changed. If you have received an error dialog from BaseElements that the file might be corrupt, or if you have any problems when generating a HTML Database Design Report, there are a couple of steps to go through, to try to find out where the problem is.įirst, you can run the recover process on the file to see if that reports any changes. As of version 3.0.9 the dialog will tell you which files are the issue, and direct you to this page for more information. The sample files confirmed that it was corruption related, and were enough that I could pinpoint when it happens. Well it turns out to be more common than I thought, as I’ve had a couple of reports already. In BaseElements 3.0.8 I added an error dialog for exactly this and just put a fairly generic “contact support” message in it, as I wasn’t sure at that stage if it was actually corruption related, and also I didn’t think this would occur very often. Count the before and after and you have an error capture where there is none. So when this runs, if there is an issue with one of the files, there will be fewer records in the found set afterwards. ![]() Then we have a second import that is using the setting “update matching records in found set”. In the case of BaseElements we start with a list of all of the files in the solution. A import with no error code means you need to know how much data SHOULD have been imported and you can compare it to how much data was imported. ![]() An error that gives you some sort of error code is fine, you can at least work around it or allow for it and manage it. One that seems to come up a lot more often than I’d like are FileMaker files that produce invalid XML, which makes it impossible for BaseElements to import.Įven more frustratingly lately I’ve been seeing bad layout data that doesn’t throw any sort of error, just silently fails on import. So I see lot of the options and permutations that are possible in various FileMaker files. Better protection: the new fmplugin extended privilegeįileMaker 19.2.1 aims at helping developers defend against this by blocking this type of access by default and allowing developers to make choices about which plugins they want to allow access to their solution from the outside.Īll files created with 19.2.I spend a lot of my time looking at the FileMaker Database Design Report for BaseElements. You risk an attacker guessing your script names (and open your file with sufficient privileges to run scripts if you use auto-login or ersatz security mechanism) and then run those scripts from any other file through the use of plugins. (We tend to prefer using the available FileMaker Server APIs for this). There are often good business reasons for such a construct whereby two files can exchange data and execute each other’s scripts without any type of connection. The same applies to SQL queries executed from plugins in the same fashion. It does not trigger the normal File Access protection mechanism. This works despite not having any pre-existing connection between the two files. When you are logged into the plugin_target file with privileges that allow you to run scripts, the script that runs from the source file will successfully execute the target_script in the target file. And the target file requires a Full Access privilege to use references to it, as you will see in the screenshot below. There is no file reference between them and no prior authorization granted in the target file’s File Access section. Here is the scenario: you have two files that unrelated in any way. ![]() It works without requiring prior authorization between the two files. They can do that without requiring a file reference from the source file to the target file. This is a risk to your solution, considering these plugins can do that from one file and target another file. ![]() We will use these two in our examples below. Some popular plugins with this capability are the free BaseElements plugin and the commercial MBS plugin, but there are many others. Plugins can trigger s cripts and use SQL queries to retrieve, add, and modify data. What Kind of Calls Are We Talking About Here? This change in behavior introduced with this feature fits with the overall security approach of disallowing actions until you explicitly allow them. The fmplugin feature helps protect your solutions from exposure to plugins making unwanted calls to your files. And it is an important security feature, so we wanted to make it gets a bit more coverage. In December 2020, FileMaker Pro 19.1.2 introduced a new feature that has not seen a lot of attention, judging by the lack of conversation and content.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |