[FX.php List] The web password in FX
Gjermund Gusland Thorsen
ggt667 at gmail.com
Thu Jan 25 06:04:49 MST 2007
my cwp accounts can only create and update records.
To turn off delete for the cwp user is essential,
along with logging who makes which changes.
ggt667
On 1/25/07, Gary Sprung <gary at gnurps.com> wrote:
>
> All,
>
> I have been wondering about the importance of the Filemaker password used in
> FX in the case of a shared hosting service. In that circumstance, the web
> directory is the top level. You don't get access to levels about the
> directory your hosting service gives you, so you cannot put your password
> into a file in a directory that is inaccessible to the web. So if an
> intruder can get to your PHP files, then they can get your password. Right?
>
> With that in mind, how critical is it to have a complex password; or a
> password at all? Perhaps the much more important consideration is the
> privileges granted in Filemaker to that account/password used by the
> PHP/FX/Filemaker system. One of course limits access to only relevant
> layouts; does not allow editing of scripts, or perhaps not even executing;
> XML extended privileges only; etc. But the password itself... Isn't it no
> more secure than your web directory is secure?
>
> Regards,
> Gary
>
>
> --------
> Gary Sprung
> GNURPS Consulting
>
> gary at gnurps.com
> www.gnurps.com
>
> Landline: 720-565-9933
> Cell: 303-859-9331
>
>
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>
More information about the FX.php_List
mailing list