SQL injections

janhagemeister · November 24, 2024, 2:15pm

I want to highlight a topic that is not widely known: FileMaker is vulnerable to SQL injections if the FileMaker SQL functions are used without parameters. I often see examples where FileMaker fields are directly embedded into the SELECT query.

With FileMaker’s SQL commands, it is possible in some cases to query entire tables from the outside, especially if the SQL result is displayed on the layout.

MonkeybreadSoftware · November 24, 2024, 2:34pm

That has been a topic years ago.
We need to remind fellow developers to be careful.

I also had a login form on the website and I recorded thousands of login attempts.

Topic		Replies	Views
Best Practices for hardening field names in ExecuteSQL Questions sql , executesql	12	424	October 14, 2022
FileMaker API Connector: A free and open-source starter solution for integrating FileMaker with any API or database Resources integration , api , data-api	4	437	December 30, 2023
Guidance on sending data from FileMaker to SQL server Questions scripting , sql	6	398	August 2, 2021
SQL With Calculated Fields? Questions	22	1421	November 3, 2021
CF for Returning ExecuteSQL results as JSON Sample files & code sql , json , custom-function	39	2386	June 29, 2023

SQL injections

SQL injections

Related topics