Whether you use our MBS Plugin or a few of the others available, they all may offer functions to delete files, to upload files via FTP or to encrypt files. These are all functions you may use yourself to do backups to remote locations in your scripts.

For all your solutions you must make sure that:

- You do not simply pass user-entered text to Evaluate or an SQL function in FileMaker.
- You do not allow databases on servers with user accounts who can edit scripts or layouts.
- You make sure you limit the plugin features to those you need.

For the first point, well, you can let the user enter a calculation and use Evaluate to get the result. For example, your user enters a number and you multiply it. But what if they enter a plugin call instead? Well, using GetAsNumber first may help to convert the input to a number and strip function calls. Or in other cases you may need to remove brackets to remove function calls. The same goes for text used in SQL statements, where a user can enter SQL commands in text fields and they are executed. But you pass values as parameters and do not put them in the SQL directly, right?

The second point means that if a user has the chance to modify a script, they could write anything there, including calls to sabotage, steal or delete data. Not to mention creating new scripts, which can trigger anything anywhere.

Third, for the MBS Plugin, you can use the Plugin.SetFunctions function to limit the list of functions to the ones you need.
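The first point as a FileMaker calculation, with the weak forms shown in comments beside the hardened ones. This is an added example, not code from the original post; the fields Input::UserText and Input::City and the Customers table are hypothetical names.

```filemaker
// Weak forms: the user's text becomes part of the expression or the statement,
// so a function call or an SQL fragment typed into the field is executed.
//   Evaluate ( Input::UserText & " * 2" )
//   ExecuteSQL ( "SELECT Name FROM Customers WHERE City = '" & Input::City & "'" ; "" ; "" )

Let ( [
    // GetAsNumber returns only the numbers in the text, so a function call
    // typed into the field never reaches the calculation engine.
    ~number = GetAsNumber ( Input::UserText ) ;

    // Once the input is a number, plain arithmetic is enough and Evaluate
    // is not needed. Input without any digits gives an empty result.
    ~doubled = If ( IsEmpty ( ~number ) ; "" ; ~number * 2 ) ;

    // The user's value is passed as an argument for the ? placeholder,
    // so it is treated as data and never parsed as SQL.
    ~names = ExecuteSQL (
        "SELECT Name FROM Customers WHERE City = ?" ;
        "" ; "" ;
        Input::City
    )
] ;
    List ( ~doubled ; ~names )
)
```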