[FX.php List] * and login
Alex Gates
alex at gandrpublishing.com
Tue Oct 31 06:25:44 MST 2006
Hi everyone-
I've realized that my login can easily be compromised! Thankfully I
figured this out early in the development process.
If I enter * for username and * for password, it logs me in as the
latest registered user.
This is my search syntax:

$lookup=new FX($serverIP,$webCompanionPort,'FMPro7');
$lookup->SetDBData('Web_Cookbook_Dev.fp7','WebLogin');
$lookup->SetDBPassword('xxxxxx','xxxxxxxx');
$lookup->AddDBParam('Username', $username, 'eq');
$lookup->AddDBParam('Password', $password, 'eq');
$lookupResult=$lookup->FMFind();
$foundResult=$lookupResult['foundCount'];

I'm sorry if this has been covered - I searched the archives but I
didn't find anything.
Is there a way I can modify this search syntax so * can't be used for
username and password to log in?
Wow - I never realized this was a possibility... I just randomly tried
it this morning and was shocked at the result...
Thanks in advance!
Alex
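
One way to close the hole described in the message above, as an added example that is not part of the original post or of FX.php: validate the username against an allowlist before it reaches the find, search on Username only, and compare the password in PHP against the single record returned. The function names is_safe_username and check_login, the allowlist policy, and the assumed shape of $lookupResult['data'] are assumptions of this example.

```php
<?php
// Added example, not code from the original post. Function names are hypothetical.

// Allowlist for usernames (an assumed policy): letters, digits and underscore only,
// so FileMaker find operators such as * @ # ! = < > ? " ~ \ // ... never reach the find.
function is_safe_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $username) === 1;
}

// $records is assumed to have the shape of $lookupResult['data']:
//   ['recid.modid' => ['Username' => ['alex'], 'Password' => ['...']], ...]
function check_login(string $username, string $password, array $records): bool
{
    if (!is_safe_username($username) || $password === '') {
        return false;
    }
    // A login lookup must resolve to exactly one record.
    if (count($records) !== 1) {
        return false;
    }
    $row = reset($records);
    $storedUser = (string) ($row['Username'][0] ?? '');
    $storedPass = (string) ($row['Password'][0] ?? '');
    // Re-compare in PHP instead of trusting the find's own matching rules.
    return strcasecmp($storedUser, $username) === 0
        && hash_equals($storedPass, $password);
}

// Intended flow with the calls from the post (needs FX.php and a server, so commented out):
//   if (is_safe_username($username)) {
//       $lookup->AddDBParam('Username', $username, 'eq');   // no Password criterion
//       $lookupResult = $lookup->FMFind();
//       $ok = check_login($username, $password, $lookupResult['data']);
//   }

// Constructed sample data standing in for $lookupResult['data'].
$oneHit  = ['12.3' => ['Username' => ['alex'], 'Password' => ['s3cret!']]];
$manyHit = $oneHit + ['13.1' => ['Username' => ['bob'], 'Password' => ['hunter2']]];

foreach ([['alex', 's3cret!', $oneHit], ['*', '*', $manyHit], ['alex', '*', $oneHit]] as [$u, $p, $data]) {
    printf("%-5s / %-8s => %s\n", $u, $p, check_login($u, $p, $data) ? 'accepted' : 'rejected');
}
```

Because the password never becomes a find criterion, it can contain any character, including *, without changing what the find matches.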