Is there a way to link my form to a website where people can populate the information and it the data will be collected in qbase?

_anomDiebolt_
Qrew Elite
9 years ago
I assume you are in a testing mode as you are leaking contacts:

https://iglcloud.quickbase.com/db/bmn4gfynv

Also, you success page being hosted in your application could leak other dbpages through enumeration:

https://iglcloud.quickbase.com/db/bmn4gfyqi?a=dbpage&pageid=6

https://iglcloud.quickbase.com/db/bmn4gfyqi?a=dbpage&pageid=7

https://iglcloud.quickbase.com/db/bmn4gfyqi?a=dbpage&pageid=8

https://iglcloud.quickbase.com/db/bmn4gfyqi?a=dbpage&pageid=9
MichaelGraham2
Qrew Assistant Captain
9 years ago
I was actually just testing something and changed the internet role temporarily from Viewer to Participant. :)

How can I get round the pageid security. Other than link it to a webpage?
MCFNeil
Qrew Captain
9 years ago
There is not a good way, other than restricting a field access to a field that is on the reports on the dashboards, but open to the internet can also see all your code pages.
_anomDiebolt_
Qrew Elite
9 years ago
Perhaps use a second application to host the success page but have nothing else in that application? I would have to test if you can still reach the pages of the application hosting the form. QuickBase's permissions is not all that fine grained where you can control every possible type of access.

On the other hand someone would have to have deep knowledge of QB to exploit this - most hackers just go for the low hanging fruit trying to exploit unpatched wordpress, drupal etc sites.

Forum Discussion