Jump to content

  •  

Photo

Is securing a stand-alone FMP12 solution really that hard?


  • Please log in to reply
26 replies to this topic

#21 truelifeajf  novice

truelifeajf
  • Members
  • 79 posts
  • FM Application:13 Advance
  • Platform:Mac OS X Mavericks
  • Skill Level:Expert
  • Time Online: 1d 11h 59m 7s

Posted 31 October 2013 - 10:50 PM

My comments about "those selling seminars" are not directed at anyone in particular as I don't know anyone in that specific industry who sells security information. But if anyone is in that industry and felt it was directed at them then I apologise.

 

I still think it's a fair conclusion though. It's like the "life extension" industry... everywhere you look there are a bunch of products but no one can really give any data / examples on how their product is making people live longer. It's an industry largely based on distributing fear.

 

As I grapple with wanting to know more about security of my solutions, I tend to think the FileMaker security industry possibly suffers from the same issue.... a lot of scary questions but the answers aren't anything special.


  • 0

#22 Fitch  Imaginary friend

Fitch
  • Moderators
  • 4,037 posts
  • LocationPortland, Oregon
  • FM Application:13 Advance
  • FMGo:iPhone / iPod Touch, iPad
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 12, 13
  • Membership:TechNet
  • Time Online: 16d 12h 51m 28s

Posted 01 November 2013 - 08:57 AM

There are probably only a handful of developers who know any more than you do about how to bypass a file's security (I'm not one of them). Other than that recent post that went slightly over the line, I have to say I agree with your statements and I appreciate your pursuit of this issue. I also appreciate Steven's POV that it can be a delicate subject when operating as we do in a closed-source platform that relies somewhat on security through obscurity. Your best bet is probably to invite him or others to give you an example back-channel, or if your IP is worth significant $$, hire him for an hour -- or hire a hacker to try to break in.


  • 0
Tom Fitch :: Portland, Oregon :: Fitch & Fitch: FileMaker consulting

#23 WF7A  Rich

WF7A
  • Members
  • 391 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Time Online: 1d 21h 8m 55s

Posted 30 November 2013 - 04:08 PM

(Just to throw this into the mix for someone to comment on)

 

Runtimes in particular--compared to standalone FMP files--are (supposedly) harder to hack.


  • 0

#24 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,762 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 9d 6h 33m 56s

Posted 01 December 2013 - 05:15 AM

There is no difference between a data file opened by the runtime engine than there is in the same file's being opened by FIleMaker Pro itself.  it is a FIleMaker Pro file in either instance.

 

The difference lies, not in the data file, but in the executable that opens them. The runtime engine has a number of design features found in the regular versions that have been disabled or removed.  But the files themselves can be opened with FIleMaker Pro and are subject then to the permission restrictions set for those files before the runtime engine was created.

 

I hope this clarifies this matter.

 

Steven


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com


#25 carlosnorvik  novice

carlosnorvik
  • Members
  • 61 posts
  • FM Application:11 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Membership:TechNet
  • Time Online: 1d 9h 46m 53s

Posted 06 January 2014 - 09:46 PM

Read the following link about keyless BMW being stolen, even security developed by a high tech company can be cracked by determined hackers.

 

http://www.networkwo...al-keyless-bmws

 

The analogy applies to FM and to  everything which tries to be secured, even to a primitive door lock.

 

There are some that are extremely easy, for example a file made in a famous word processor, secured by a pw against modification (read only w/o the pw) is easily modified in an open source word processor, I found that out many years ago and I just tried while writting this, surpisingly, it can still be done.


  • 0

#26 TKnTexas  intermediate

TKnTexas
  • Members
  • 57 posts
  • LocationIrving Texas
  • FM Application:13 Advance
  • Platform:Mac OS X Mavericks
  • Skill Level:Intermediate
  • Membership:TechNet
  • Time Online: 1d 16h 20m 22s

Posted 11 February 2014 - 07:30 PM

I had some runtimes that I created to use at my job, to make my work easier.  I forgot the passwords.  Using PASSWARE on my Win7 partition, I was able to strip out the passwords for all users defined in the runtimes.  Also worked on the *.fp7 files I had.  I had not removed anything prior to creating the runtime.  They were for my use only.  

Sidenote: my boss liked two of them and added Filemaker Pro 11 to the software tools used in our department so I could really develop the tools.


  • 0
Thomas Hill
Sparta Hospitality
Irving, Texas
Hospitality Accounting and Consulting

#27 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,762 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 9d 6h 33m 56s

Posted 01 April 2014 - 08:31 AM

 

I have said now about all I plan to say about this topic, at least for now. I may have more to say later in a different venue or perhaps here as well.

 

 

Here is some additional information:

 

http://fmforums.com/...-vulnerability/


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com





FMForum Advertisers