Recent Blog Entries
14 for 14: Shortcuts for Quick Script Step Entry
By Daniel Wood in FileMaker WeetbicksThe new Script Workspace allows you to add script steps simply by typing them directly into a script. It will attempt to auto-complete your entry and find matching script steps. With a little practice and habit you can easily learn the best shortcuts to use to save you the most time when it comes to finding the specific step you want to add. In this article we provide a demo file that gives you a number of variations of shortcuts you can use for every script step, as well as going into detail as to how the auto-complete works.
Click here to read the full article…
14 for 14: Working With the Script Workspace
By Daniel Wood in FileMaker WeetbicksThe biggest feature overhaul in FileMaker 14 is that to the scripting area, now known as the script workspace. This is the biggest scripting change in years and with it comes a number of areas where you can gain in efficiency when writing scripts. In this article we document all of the areas of the script workspace and list as many features as we can find.
Click here to read the full article at FileMaker Weetbicks
14 for 14: The Power of the Placeholder
By Daniel Wood in FileMaker WeetbicksPlaceholder text is a great new feature in FileMaker 14. With it you can specify by calculation what label text is to appear in a field that is empty. You can also have complete control over the styling of that text. In this article we demonstrate how to setup a placeholder and some of its benefits over standard labels. We also show how placeholder text can be used as a powerful user interface tool for displaying virtually any calculated value direct on a layout without the need for fields or variables.
Click here to check out the full article at FileMaker Weetbicks
Introducing the FileMaker Weetbicks 14 for 14 Series
By Daniel Wood in FileMaker WeetbicksFileMaker 14 is here! To celebrate, FileMaker Weetbicks has written 14 articles all about FileMaker 14. Over the next few weeks we will be releasing these articles to the community. We cover all the cool new features (and some hacks!) and take things further as we usually like to do Stay tuned!
Click here to read the full article…
FileMaker 14 Platform Brings New Security Features
By Steven H. Blackwell in FileMaker Security BlogFileMaker 14 Platform Brings New Security Features
The newly released FileMaker 14 Platform contains a number of security enhancements, at least one of which has significant potential to strengthen Platform security and to close a significant vulnerability.
For many years users of FileMaker Pro on the Macintosh OS platform have been able to save database credentials in the Macintosh KeyChain. And with the advent of Windows 7, FileMaker Pro users have also been able to save credentials in the Windows Credentials Manager. We should note that is separate and distinct from Single Sign-On capabilities managed by External Server Authentication and Active Directory on the Windows OS.
All of this is convenient. However, it also presents a vulnerability, inasmuch as it allows anyone with access to a machine to access the hosted databases without having to know the proper credentials. It can also present unexpected results, because such stored credentials take precedence over any a user might enter manually. If database passwords are changed, then the stored credentials are no longer correct. This causes error messages to appear, often to the confusion of the users and server administrators alike.
In FileMaker® Pro 14, developers can block the ability to store credentials and to use ones previously stored. This is done at the file level in the File Options pane as shown below. By default the option to store credentials is blocked for newly created files in FileMaker Pro 14. For files initially built in earlier versions and then converted to version 14, the option is enabled by default. Developers must disable the ability to store credentials for files converted from earlier versions. This is a subtle distinction, but an important one. Developers should note this difference in behavior.
Another new feature is the introduction in several places in FileMaker Pro 14, and in FileMaker® Server 14 as well, of password strength meters. These meters are similar to the one already found in FileMaker® Pro 13 Advanced for the encryption password. The meter will tell the developer whether the selected password is Weak, Moderate, or Strong. Strong passwords are the most secure.
What constitutes a strong password? Generally in the FileMaker developer community there is a belief that longer passwords are more secure than shorter ones. This is not a correct belief. Length is an important attribute of password strength. However, it is not the only consideration. Complexity is another attribute, as is entropy. Complexity refers to the alphanumeric mix of characters in a password or passphrase. Entropy refers to the degree of uncertainty of a random variable that the password or passphrase exhibits.
Consider these examples:
Maryhadalittlelambitsfleecewaswhiteassnow is a 41 character passphrase. $$todonuts4meanddonutsto$foryou is a 32 character passphrase. However, the first one registers as Weak. The second one registers as Strong.
Another new security feature relates to the use of SSL for progressive downloading of container field contents in hosted files. In earlier versions, even if SSL for encryption of data in transit were invoked, contents of container fields were not encrypted in progressive downloads. FileMaker Server 14 now allows for the use of SSL for such downloads. This requires a custom SSL certificate; developers and server administrators configure this option in the Server Admin Console as shown below.
Another new security feature involves a change in the User Interface options for configuring security settings in files. In addition to the previously existing system, that remains fully in place in the new version, there is also a new, abbreviated version targeted at new users and at others not familiar with the legacy structure. The new system allows creation of Accounts and Passwords and linking to Privileges. The name of the new User Interface is Basic Security. The previously existing, legacy system has been renamed to Detailed Security.
Finally, there has been a significant change in the FileMaker Server Sample File from the one available in earlier versions. Prior to FileMaker® Server 14, the Server Sample File had been a completely open file that opened by default to the [Full Access] Privilege Set. This behavior introduced a significant security vulnerability onto installations of FileMaker Server. I discussed that vulnerability in the BLOG post found here: http://fmforums.com/blogs/entry/777-protect-your-filemaker-server-and-files-from-a-vulnerability/
I am pleased that in FileMaker Server 14, this vulnerability insofar as it relates to the Sample File has been closed. When the Sample File opens now, it is with a restricted set of privileges.