Leaderboard


Popular Content

Showing most liked content since 01/17/2016 in all areas

  1. For the most part people come to FM Forums seeking advice or assistance. If given a little thought, your topic can really engage the reader to want to assist you in finding the best answer or solution. Step 1: Choose Wisely! By first looking at the topical nature of the forums you can see there are many different forums that cover a wide range of discussions. By way of self-curating the site, try to choose a forum that covers the intent of your topic. We realize that some items cross boundaries and that is ok, just choose a forum that fits the spirit of your topic. If it's wrong a moderator will move it to a forum that best suits the conversation. Step 2: Titles, Names, & Tags Be terse but informative. With your topic title, encourage your reader to want to read your topic. Don't be needy or demanding with "please help" post titles. We realize you've hit a brick wall or may be very frustrated or have a demanding boss. But take a breath - it will be ok. Then compose a topic title that draws them in. Add a tag or two, they will appear next to the topic, it can just be a simple word or phrase that tags the post to some FileMaker-centric topic. Step 3: No Need for Apologies It is not necessary to start your post with an apology to the reader regarding where you are posting or your current understanding of a topic. We are pretty nice here and won't fault you for trying. Step 4: Prerequisite In order for your reader to provide the best response, make sure your profile has been updated with the platform and version of FileMaker that you are using. Otherwise we will assume you are using the most current versions, and the advice given may not work in older versions. If your post is specific to a version / platform / deployment please inform the reader — we don't necessarily need your computer specs, just enough background so that the reader can envision your environment. Step 5: Goals Stating your desired goals, and what you are attempting to achieve in a simple statement will aid the reader as they read further in to the details of your conversation. Step 6: What have you tried? Outline your process and steps you have taken, to get to you the point you are at. It doesn't have to be overly verbose, an essay isn't necessary. Step 7: Format for Emphasis Use the WYSIWYG editor to format text as needed to provide details. You can reference generic terms such as table::field or use your own nomenclature but if the context dictates provide the reader clarity what things may mean if they would not be apparent to someone outside your organization, or industry. this is code from a calculation bullets lists Step 8: Pictures & Sample Files Admit it, you know you miss Show & Tell from kindergarten. Re-live a past life by providing a screen image of your solution. Provide the reader information and context. Use third party tools to draw arrows on your image if needed. Can you send a clone of your solution? - If you do please make sure confidential data is removed, and your boss says it is ok. If you are modifying a commercial version of software that you have purchased — we request that you not do post a clone of these files; as that would be most likely against your terms of service. In that case you can make and post a sample file that recreates the issue you are having. Step 9: A Sense of Humor Keep your sense of humor, and don't forget to smile. The site is visited by members of all skill levels, many are full time developers and consultants and generously volunteer their time and energy to the site. When the occasion calls for it give them your gratitude . A little levity never hurts. Also keep in mind that American English is not everyone's native language -- some things may not translate. If English is not your first language, just do your best. We really appreciate this! It gives us a little spring in our step.
    6 likes
  2. 4 likes
  3. Emerging Trends in Information Security Affect FileMaker Platform By Steven H. Blackwell March 17th 2016 The recently concluded annual RSA Security Conference showcased a number of important emerging trends in Information Security that likely will affect FileMaker Platform developers and Administrators of FileMaker Platform systems. In this BLOG entry, I will describe some of these and offer some observations about how they might apply to the FileMaker Platform. Multi-Factor Authentication (MFA) will increasingly become a standard requirement for Identity and Access Management (I&AM) in organizations of all sizes. This is especially true for connectivity by mobile devices. And it especially true for data hosted in the Cloud. As we saw recently, efforts to create a “two-factor authentication” system inside of the FileMaker Pro client product did not work out well at all. (http://fmforums.com/blogs/blog/112-eye-on-filemaker/) A true MFA system will require coordinated integration with FileMaker Server, wherever that server resides. The data are still the key asset. Outer perimeter defenses, while important, are secondary to protecting the data from the inside out. The data are the asset we most seek to protect, wherever the data reside. For the most part, they reside inside of the database itself. That’s why finely-grained Privilege Sets, strong I&AM, Encryption At Rest, and Encryption In Transit are all so important for FileMaker Platform deployments. Insiders are the new malware. And now, everyone is an Insider. Whether by inadvertence, by curiosity, by carelessness, or by malicious intent, those persons inside organizations and inside organizational supply chains remain a principal threat vector for compromise of digital assets. Any number of major recent data breaches over the past year or so started in the organizational supply chain apparently. Context-sensitive and content-sensitive conditional authentication of identity assertions will become more and more common. What does this mean? A trusted insider accessing data from inside a corporate LAN may trigger one level of authentication requirement. That same user when attempting access from outside the LAN may trigger multiple steps (factors) of authentication requirements. Moreover, access to more sensitive data may require additional authentication factors. And when the context changes mid-session, additional authentication challenges may need to appear. This again will require close integration with FileMaker Server. The need for cyber-insurance will increase dramatically. To mitigate the liability associated with data breaches, more and more organizations of all sizes are going to need to acquire cyber-insurance. Premiums will continue to rise. Organizations of all types and sizes face liabilities such as damage to brand reputation, civil judgments in suits brought by persons whose data are compromised, business interruptions, and–dare I even say it—cyber-extortion. The underwriting process for this will require a more stringent adherence to a range of Best Practices by those seeking the insurance. Small and medium-sized businesses, a staple of the FileMaker community, are perhaps least well equipped to survive a major breach absent this insurance. Regulatory attention to security breaches will increase at both the Federal and State levels. Additionally there will be concomitant increases in scrutiny about whether organizations have employed “reasonable” security practices. What constitutes such practices is sometimes unclear; however, in any given instance, the list may be extensive. The California Attorney General’s Office recently noted that there were at least twenty specific items that any organization should presume to employ in order to meet the standard of “reasonable” security practices. (These are the Center for Internet Security’s Critical Security Controls. https://www.cisecurity.org/critical-controls.cfm) The Attorney General’s report notes that in 2015 approximately 60% of Californians were victims of a data breach of one sort or the other. And the data involved are often the most sensitive type information, including financial data and health-care records. California is often a leading-edge indicator for regulatory actions, and it is entirely to be expected that other states will follow suit here. (https://oag.ca.gov/breachreport2016) So, where does this leave the FileMaker platform and the FileMaker Developer Community? First, developers and administrators need to be sure they have properly aligned the security requirements of their systems to business requirements. This includes such items as brand reputation, customer/client data privacy, civil liability protection, regulatory compliance (State and Federal and international as applicable), and business continuity. I will be having much more to say about this is coming weeks. Second, developers need to follow Best Practices for security in FileMaker Platform files. This includes granular Privilege Sets, Encryption at Rest, and File Access Protection. Third, FileMaker Server Administrators also need to follow Best Practices for deployment, including appropriate OS for servers, a rigorous backup regimen including the tested ability to restore from backups, and Encryption in Transit. Fourth, business unit managers at FileMaker Platform customers need training in Security Best Practices from the user standpoint. Likewise, they should assure that their employees have a similar awareness. Fifth and finally, but certainly not least, we need to encourage FileMaker, Inc. to continue to improve the security schema of the Platform, most particularly the introduction of Multi-Factor Authentication (MFA) and the introduction of additional controls over the behavior of various external API’s. This includes Apple Events, Active X, Execute SQL, PHP, XML, FMPURL, and PlugIns.
    4 likes
  4. Security Vulnerabilities of FileMaker Platform API’s: An Update January 9th 2017 In an April 2016 entry on this BLOG titled The FileMaker Platform API’s Are Your Friends, Right? [http://fmforums.com/blogs/entry/1535-the-filemaker-platform-api’s-are-your-friends-right/] I discussed a number of FileMaker Platform security issues centered on the uncontrolled use of a number of external Application Program Interfaces (API’s). There are at least nine of these API, possibly more, if ExecuteSQL is included. The central thesis of that article was that these API’s provide unexpected attack vectors to compromise FileMaker Platform files. As noted at the time: Many FileMaker developers are not aware, however, that these API’s have the capability to access customer or client solutions in unexpected ways and to extract or insert data, to manipulate business processes developers embedded into these solutions, and to compromise the integrity of these solutions. Unfortunately, in the intervening nine-month time span, we continue to see cases where several of these API have been used for malicious purposes to compromise FileMaker Platform files’ business process integrity, to manipulate data, and to extract data. And many in the developer community remain unaware of this problem. In this BLOG entry, I will describe two of these API’s in greater specificity and detail, including describing a variety of attacks they can facilitate. This article will not discuss the ActiveX API that is available on Windows OS; however, developers should give similar attention to that approach. Developers need to be aware of these items in order to protect their files and those of their clients. The two API at the center of this focus are Apple Events and the FMPURL process. In the earlier article, I noted several elements about these that bear repeating here: [These API] cause particular concern because of their breadth and relative ease of use…. The Apple Events Suite has an extensive set of commands that can read and write data, read metadata, manipulate the UI, and trigger scripts. In addition, they can work outside the normal constraints found on layouts in a file. [http://thefmkb.com/5671] The FMPURL…can open a file and run a script in it. If the file is already open, then the script will still run. [http://thefmkb.com/5560] A few general comments about both of these API’s: · They are not platform-specific in the sense that just because a client organization is an all Windows OS environment that it is immune from an Apple Event attack. It’s the OS of the attacker that controls whether the API can be used. · There are some ways within Privilege Sets to constrain behavior of these API commands when they are applied on a file. The Export privilege bit can control the ability of Apple Events to extract data from a file. The Layout Access privilege bits can also constrain the ability to see contents of a layout. Likewise, Script Access privilege bits can control the availability of a script to either of these API. · These API often perform actions in unexpected fashions that fall outside the normal, traditional, and familiar FileMaker Pro User Interface behavior. This is part of what catches developers by surprise. —Apple Events— When a file is open, whether standalone or hosted by FileMaker Server, an attacker can send Apple Event commands to it causing it to perform a variety of actions, including: · Run any script to which the user has access, irrespective of whether that script is in the list of Scripts or whether it is attached to some UI element, such as a button. · Navigate to any Layout irrespective of whether that Layout’s name is in the list of Layouts or not. If the user’s Privilege Set has access to see that Layout, then its contents are visible whether the developer ever intended for the user to view the Layout or not. · Return various metadata about the file, including such items as Script Names, Value List Items, Layout Names, Field Names, etc. If a user’s Privilege Set does not allow access to the item, its name does not appear in the list returned. · Put data into any field in the database or extract data from any field, irrespective of whether that field is on the active Layout or is on any Layout for that matter. Here are several examples of these scripts, all working on a file named Our_Secret_Information.fmp12. tell application "FileMaker Pro Advanced" activate go to first layout end tell tell application "FileMaker Pro Advanced" activate do script FileMaker script "Relog_as_Admin" end tell tell application "FileMaker Pro Advanced" activate set somevar to name of every layout end tell tell application "FileMaker Pro Advanced" activate set somevar to name of every field end tell tell application "FileMaker Pro Advanced" activate set somevar to get data field "CreditCardNumber" end tell —FMPURL— The FMPURL command’s principal attack vector is that it can be used to run any Script in a file to which a user’s privileges has access. Similar to Apple Events, this occurs irrespective of whether that script is in the list of Scripts or whether it is attached to some UI element, such as a button. If the file is closed, the command first opens the file with supplied credentials, then runs any OnFirstWindowOpen script, and then runs the designated script from the FMPURL command. As a result of this behavior, a Halt Script step at the end of the opening script has the effect of blocking the running of the FMPURL designated script. Some developers have utilized this technique to block FMPURL calls to scripts in a file. However, if the file is already opened or if there is no opening script, then the designated script does run. Here is an example of calling a script, again in our file Our_Secret_Information.fmp12 being hosted at a server at IP address 0.0.0.0. fmp://0.0.0.0/Our_Secret_Information.fmp12?script= Relog_as_Admin —What Is the Significance Of This and How Do We Address This?— One of the many reasons we caution developers against embedding security elements such as Identity and Access Management controls into the data layer of FileMaker Pro databases is precisely because such elements are vulnerable to these API attacks. Think for a minute about that Relog_as_Admin script that presumably relogs into the file with a [Full Access] Account. If an Attacker can trigger that script and cause it to run, irrespective of what the developer might have intended, then the Attacker has full access to the file. This has actually happened. Or, suppose that a developer has made a “Developer_Only” layout in the file, removed it from the list of layouts, and left sensitive information on it. If the Attacker can navigate to that layout, and if it is not protected by settings in the Privilege Set, then the Attacker can learn the contents of the information on it. This has actually happened in numerous instances, including unbelievably, the appearance of [Full Access] level credentials left exposed on the layout! Likewise, suppose that a developer has made a so-called “Privileges Table” with various fields that purport to control whether a user can do such things as create records. Using the Apple Event Set Data command, an Attacker could likely change the values in these fields if they do not enjoy additional protection. More likely even, the Attacker could simply issue a Make New Record command and create the record. That is a process frequently used to thwart developer-imposed limitations on the number of records in a demonstration version of a vertical market solution. So, what can be done to manage this situation and to prevent these type attacks? In FileMaker® Pro 15, FileMaker, Inc. added a new Extended Privilege option in the Privilege Set called fmscriptdisabled. Developers must explicitly invoke this option; it is not a default option. What it does is to prevent Apple Events (Macintosh OS) and ActiveX commands (Windows OS) from activating scripts, just as the name implies. It has no impact on FMPURL or on other Apple Event commands that do not involve triggering of scripts. Some of the other items in a Privilege Set, notably Export and data layer modification elements, can control Get Data and Set Data Apple Events. If Export is disabled, then Get Data will not return data from the selected field. In tables where the editing privileges are restricted, likewise, Set Data will not add data to a field. Creation and deletion privileges behave in similar fashion. Remember, we are talking here only about Apple Events. Other processes may behave differently. Controlling API behavior is important; however, it is not the only security feature that developers must invoke to assure Confidentiality, Availability, and Integrity of their database systems. So, clearly what we need here is a way to block these API from interacting with FileMaker Pro files. FileMaker, Inc. is aware of these issues and has been working on new ways to address them. In the Product Road Map Webinar presented on November 30th 2016, FileMaker, Inc. noted that the next version of the FileMaker Platform will contain a number of additional security enhancements. I am authorized to say that one of those enhancements will be a new process for more closely and granularly controlling several of these API’s. At such time as there is any new version of the FileMaker Platform, I will have additional comments and analyses of the issues related to these API’s.
    3 likes
  5. Suppose you have a variable named $word, holding two numbers separated by a hyphen. After running: Set Variable [ $range; Value:Substitute ($word; "-"; " " ) ] Set Variable [ $rangeStart; Value:GetAsNumber ( LeftWords ( $range ; 1 ) ) ] Set Variable [ $rangeEnd; Value:GetAsNumber ( RightWords ( $range ; 1 ) ) ] Loop Exit Loop If [ $rangeStart > $rangeEnd ] Set Variable [ $enum; Value:List ( $enum ; $rangeStart ) ] Set Variable [ $rangeStart; Value:$rangeStart + 1 ] End Loop you will have a variable named $enum holding a list of all the numbers within the range.
    3 likes
  6. Thank you, Josh, for reconstructing this important thread and for posting it. What did we learn from this episode? Here is a summary: · What we call something matters. Calling a process 2 Factor Authentication does not make it so. · Manipulating the business logic layer, i.e. scripts, of the FileMaker Platform in an attempt to create additional security features requires an in-depth and nuanced understanding of how that layer performs, particularly in relation to external API’s or under the influence of such API’s. · More likely than not, an ersatz process will introduce additional vulnerabilities into a system, while at the same time retaining all the vulnerabilities the underlying elements that comprise the process have in and of themselves. · The business logic and data layers of a FileMaker Pro file are subject to manipulation by attackers in ways that result in the defeat of the ersatz process. The Platform has tools and features that diminish these risks; however, developers frequently do not employ these tools. · To paraphrase the late Will Rogers, “It’s not what you don’t know that hurts you. It’s what you know that isn’t so.” Steven H. Blackwell
    3 likes
  7. Since FM14 came out with the new button bars having the ability to calculate data on the fly on layouts for display purposes has been great - the fact that you can display data without a dedicated calculated field or extra relationships just to display a bit of information. So I am generating a document that prints a portal however the data is not connected to the portal in the traditional parent / child relationship - but rather it's showing related data for the given product kits. This invoice line item record is not "parent" to the portal of kit items. That presented a challenge - originally i had a convoluted way to generated this report using a virtual list but the it required a bit more effort to generate, so how to get totals to display properly in the portal row to multiply quantities - and to also show a total of items packed? One thought would be to put global fields in to the kits lookup table and then set them which would drive keys to the data tables via dedicated relatiohships just prior to generating the report, but that just felt awkward. Here is what I came up with. The row of 6 kits are what the customer ordered based on this there needs to be 108 pieces based on the piece count for each item in the kit multiplied by the quantity ordered. Example 6 x 12 = 72 as you can see by the first row in the portal. To get the value of the 72 I added a singe segment button bar to the portal and multiplied the 6 by the 12 pretty simple. This was all great but I also needed to get a total for the total items packed but that is based on yet another table not directly tied to the kit table. So by adding a second calculation button segment and this formulae I was able to get the necessary data. Hope you find this useful. Cheers.
    3 likes
  8. You can also use Export Field Contents and skip specifying the field. There are a few more ways as well, such as exporting 0 records using same path file name. All similar principle so it's which you like best. I like Export Field Contents; picked up from Comment, I suspect.
    2 likes
  9. Yet another option: sort the found records by the DeliveryRemaining field, ascending (or descending) and check the value of the last (or first) record.
    2 likes
  10. Good points, well-taken; but I can't shake the feeling that you're thinking like salesmen rather than like customers. Many people are "penny wise and pound foolish", whether we like it or not, and I used to make my living getting hired to cater to that and then guiding them to better decisions — but only if their decision to use FileMaker allowed me to get my foot in the door. It's nice if you can say, "Well, I really don't know if I want those people as clients" but I made a decent living off them, once, and now I'm not anymore. I agree FileMaker Cloud is a step in the right direction (taking your calculations at face value - I have a cold right now and can't really think through the figures myself at the moment.) Thinking back to when my clients were mostly small mom & pop businesses and nonprofits (and I was much busier as a consultant than I am today) I'm sure about half of them would have seen your reasoning. But for half of them, the appeal was that they could host FM on the old mac mini they had sitting in the corner and never have to think about it. The conceptual hurdle of dealing with AWS & EC2, for the non-computer-literate clients that it used to seem to me were FileMaker's bread and butter, is much more immense than it is to you and me. For the same reason that clients still insist on onsite visits even after TeamViewer and Skype have made physical presence 99.9% unnecessary, mom & pop operations also aren't going to cotton to offsite virtual servers with complicated administrative interfaces that they have to learn (when they can just barely figure out how to use word.) It makes them feel like they're now dependent on more things outside their control, and they don't like that. I can't imagine selling a virtual-server-based 5-seat-minimum system with monthly licensing to a lot of the people who I used to survive off of. They just wouldn't bite. Even if it was free they'd still think it was too complicated for them, it's too weird and abstract, and they'd be too worried about perpetual dependence on me keeping the server running. Whether it was true or not. The whole point was the FileMaker used to be for people who didn't want to have to become technically-adept computer geeks. AWS is precisely for technically-adept computer geeks, and it's a very beautiful thing for them, but that's who its for. The thing that sucks, to me, is, FileMaker doesn't necessarily have to be one or the other. There can be both a monthly cloud-based licensing model for teams AND a FileMaker-Go-for-desktop-type "thin client". Also, I know I've seen people cringe when I mention the software subscription model. I know it's worth it, and you know it's worth it, but Mr. McGintee whose little heath food store could improve its narrow margins running much more efficiently on on FMP only hears "I want you to keep paying forever and ever for something you used to only have to pay for once". Yes, I know the flaws in that reasoning. But that's what people hear. And I, for one, would really just rather be developing databases than trying to sell Mr. McGintee on whatever licensing model FMI has decided to adopt this year. Sucks dealing with human quirks, but until I can reliably score consulting gigs on planet Vulcan, these are the things we have to think about. If FM could find a way to increase their penetration in the enterprise realm, and I could get steady enough corporate gigs not to miss the small businesses who used to call me all the time, I'd have no complaint. And the funny thing is, I still get a fair number of calls for help from solitary users using one-person databases. It's that small business, the 3-5 person companies that used to be a rich vein for me, are where the demand seems to have completely been hollowed out. I hope to be pleasantly surprised, but I just don't see FileMaker Cloud bringing those kind of people back to the platform. And there used to be a lot of them. I've posted this elsewhere, but look at this Google Trends graph for search interest in FileMaker: Despite vast improvements in the program, interest (as expressed in google searches for information ) has dropped by 50% every 4 years. It's now declined to about 1/10th of its peak. That should scare the bejeezus out of anyone who makes their living this way, and I just don't think that decline was because of lack of a technically abstruse (to non-IT-professionals) monthly cloud-based licensing option. I firmly believe, based solely on my own experience then and now, that 10 years ago there was a huge, solid base of very small, funky business users that just aren't there anymore, and I would really like FMI to try to find a way to get them back. Not a way that sounds good to you or to me, but to THEM, something simple and uncomplicated yet still powerful under the hood (just like FileMaker used to be.) AWS support isn't that, regardless of price. And, again, it doesn't have to come at the expense of other options. They could offer thin clients on the bottom and all kinds of fancy licensing at the top, broaden their appeal on both ends. Oops, looks like I've ranted again. Apologies, I didn't mean to harangue you. But that graph above is what it all comes down to for me, and I find it very frustrating, because FMI's product marketing strategy seems to be alienating a formerly lucrative segment of their former user base, as if they must be sacrificed to attract a new segment - one which isn't proving itself at the same rate. It baffles me. I just think "FileMaker Go For Desktop" is a good step towards getting those lost customers back in the fold.
    2 likes
  11. There are some nuances worth mentioning here. For example, the default Filemaker find looks for words that begin with the search phrase. Highlighting the search phrase as pattern is more inclusive. Say you searched for "little" and the found record contains "Doctor Doolittle belittled his little friend". Highlighting the pattern "little" will result in "Doctor Doolittle belittled his little friend" - but the first two highlighted occurrences played no part in the search.
    2 likes
  12. This cannot be done by using find alone. Filemaker will find records that contain something. It will not do calculations or comparisons during the find. Now, there are two ways to accomplish what you want: a slow one, and a fast one: The slow method requires that you find the records that will participate in this (if you want to see the latest revision of all products, then do Show All Records at this stage) and sort them by the field in question, ascending. Then go to the first record and loop: If the product-code part in the current record matches the product-code part of the next record, omit the current record. Otherwise go to next record. Note: if you only want to see the latest revision of a single product, then it can be simpler (and much faster). Find the records of the wanted product, sort them, go to first record and omit multiple records using Get ( FoundCount ) - 1 as the number of records to omit. The fast method would require a structural change. At minimum, you need to split the field in question into two separate fields (that's always good practice, embodied by the maxim "one fact per field") . This would enable you to use the Fast Summaries method and omit an entire group of records (except the last record in the group) at once. You would also have to add a summary field that counts the records. Even better solution would have a table of Products, where each product-code would be unique, and a related table of Revisions. Then you could get the latest revision of each product by using a calculation getting the Max() or Last() revision number. Or show it directly from the Revisions table using a sorted portal/relationship.
    2 likes
  13. Hello Everyone, I've written a PowerShell script to allow you to get a free SSL certificate from Let's Encrypt to use with FileMaker Server. You can schedule this to run every few months and renew your certificate automatically. Now there's no reason to keep using that default certificate. Check out the post for instructions! How to Use Let’s Encrypt SSL Certificates with FileMaker Server | Blue Feather - FileMaker Developer, Android, Web EDIT: One compatibility note for everyone - While it looks like it's all compatible with FileMaker Pro 13-15, only FileMaker Go 15 is compatible. FileMaker Go 14 is unable to connect with these certificates installed. I'd recommend using FM Go 15 anyway, but it's something to be aware of if you're still using FM Go 14.
    2 likes
  14. I'll echo the recommendation for the scripted approach - but with a caution about not overdoing the script triggers. Where possible roll the field updates into the normal scripted flow. Script triggers have a tendency to fire even when you really wish they wouldn't and the extra maintenance can be a hassle.
    2 likes
  15. Okay, then. The first thing that needs to be clear here is this: if you want your report to show every day of the selected month, even if you have no records for that day, you will need a reporting table with 31 permanent records numbered serially and global fields for the month and year to report on. The relationship between this table (Days) and your existing table (Records) will be: Days:cDate ≥ Records::DateAdmitted AND Days::cDate ≤ RecordsDateDismissed where cDate is of course a calculation field = Date ( gMonth ; SerialNumber ; gYear ) Then you can count the related checkbox field in order to get the number of events that should be shown in each day's record. Your reporting script needs to look at gMonth and gYear and omit the appropriate number of records from the report (e.g. the last 3 records if it's February in a non-leap year).
    2 likes
  16. Hi John, One thing you can do is go to Manage > Themes and duplicate the Classic theme. YOu'll need to also then change all layouts to point to this new theme. You can then modify the new custom theme all you wish. Keep in mind that you may lose some of your fields' formats if you've set them 'outside' of the defined style and have probably even used 'format painter' on many fields (which can greatly impact your layout loads). You will find that a newer theme will lighten your solution's footprint but there might be some cleanup to do. Once done, you should be good to go. Hi Barbara!!
    2 likes
  17. In a true transaction model you never delete a transaction, you compensate by making another if an adjustment is needed... Think accounting.
    2 likes
  18. Hey again. In a previous thread I suggested using javascript in a webviewer to return the difference between the server and client UUID lists in order to increase the sync check speed. It was much faster, but the code I used included an algorithm with quadratic time complexity, meaning that as the size of the lists increased the time that sync check took would grow exponentially. @GisMo helped test confirm that this solution would not scale well. However I think I've found a bit of javascript that solves this issue and will scale linearly. I've changed the script from the previous thread to use this new code instead. If you are using this javascript method for list comparison I highly recommend you change the sync check script to use this code. Simply open the new file, copy the calculation from set variable[ $url ] in "Sync Check Client", and paste it into your Set Variable[ $url ] step. Otherwise if you're using EasySync and struggling with sync check, give my solution a try! I've attached the new file below and linked to the old thread for continuity. Best, Josh EDIT: For anyone interested in a demonstration of just the algorithms' performance difference before updating sync check, I've uploaded a raw concept file. EasySync_JWH_SyncCheckMod_LINEAR.zip Linear_Array_Comparison.fmp12.zip
    2 likes
  19. I would start by defining the Recruiting Event field to validate as Unique. Then make your script: Freeze Window Set Variable [$Source; Value: Person::Source] Go to Layout ["RecruitingList" (Recruiting)] Set Error Capture [ On ] New Record/Request Set Field [Recruiting::Recruiting Event; $Source] Commit Records/Requests If [ Get ( LastError ) = 504 ] Revert Record/Request [ No dialog ] End If Go to Layout [original layout]
    2 likes
  20. Try: Set Variable [ $txt; Value:AnyTable::gTextfield ] # # OUTER LOOP Go to Layout [ “Questions” (Questions) ] Set Variable [ $i; Value:1 ] Loop Exit Loop If [ $i > ValueCount ( $txt ) ] New Record/Request Set Field [ Questions::Question; GetValue ( $txt ; $i ) ] Set Variable [ $qID; Value:Questions::QuestionID ] # # INNER LOOP Go to Layout [ “Options” (Options) ] Loop Set Variable [ $j; Value:$j + 1 ] Exit Loop If [ $j > 5 ] # Set Variable [ $option; Value:GetValue ( $txt ; $i + $j ) ] Set Variable [ $correct; Value:Left ( $option ; 4 ) = "[X] " ] # New Record/Request Set Field [ Options::QuestionID; $qID ] Set Field [ Options::Option; If ( $correct ; Right ( $option ; Length ( $option ) - 4 ) ; $option ) ] Set Field [ Options::IsCorrect; $correct ] End Loop # Go to Layout [ “Questions” (Questions) ] Set Variable [ $i; Value:$i + 7 ] Set Variable [ $j; Value:"" ] End Loop Note that this assumes more than one option can be correct. Otherwise it would be better to store the correct option's ID in the parent question's record.
    2 likes
  21. I am not aware of any system that can summarize millions of records on demand. The general idea is to denormalize some aspects of the solution. For example, you could pre-summarize the transactions from previous years, and supplement this by a "live" summary of this year's records. Hopefully, the reason why "sadly the stored values occasionally become inaccurate" is not modification of history records - otherwise you will need more help than any human can provide.
    2 likes
  22. For years, I have used Case() exclusively, because it does everything that If() does and more. In fact, I viewed If() as a legacy function, provided only for backward compatibility. Recently, however, under the influence of other programming languages, I have decided that the better practice is to use Case() only when there are multiple tests. This makes it easier for anyone reading the formula. I've never understood the "I may need to add more tests later" thing; how long does it take to double-click "If" and type "Case" over it? I am not aware of any differences in performance.
    2 likes
  23. The Brooms they "swap away crazy styling of the text". LOL So if you have copied and pasted some test in from an email or another source...and it has some weird styling... cleaning it can be a pain in the butt. I know this personally. I eat my own dog food. So I put in the broom!!! Yay baby!!! - Richard Carlton
    2 likes
  24. Here is a trick I use on popovers, since its difficult to place an object edge to edge on them without activating the scroll bars. select the object set fill to gradation pull the left and right gradation handles tight towards each other
    2 likes
  25. No, it's not a bug at all. The result of the Round() function is a number. A number does not have trailing (or leading) zeros. If you want to format the number to always display one decimal digit, you can use: Let ( r = Round ( final grade ; 1 ) ; Int ( r ) & SerialIncrement ( ".0" ; 10 * Mod ( r ; 1 ) ) ) which calculates a text result.
    2 likes
  26. The fields that you need to have in the Attendance table: • StaffID • Branch_Code • Hours_Worked (Number) • Hourly_Rate (Number) • cWage (Calculation = Hours_Worked * Hourly_Rate) • sTotal_Hours (Summary, Total of HoursWorked) • sTotal_Wage (Summary, Total of cWage) Once you have that in place, produce your report using a layout of the Attendance table, with three sub-summary parts: a leading sub-summary when sorted by StaffID; a leading sub-summary when sorted by Branch_Code; a trailing sub-summary when sorted by StaffID; and no body part. Place the staff name field/s from the Staff table In the leading sub-summary by StaffID part. Place the Branch_Code, sTotal_Hours and sTotal_Wage in the sub-summary by Branch_Code part. Place the sTotal_Wage field in the trailing sub-summary by StaffID part. Note: Rates can change over time. This is why you should have an individual Hourly_Rate value for every record in the Attendance table (you would probably look this up from the related record in the Staff table). The way you have described this - calculating a sub-total of hours for each branch and multiplying it by the hourly rate - would produce incorrect result when the rate has changed during the course of the period being reported or since.
    2 likes
  27. What you are suggesting is often referred to as a 'thin client'. To some extent FMI is trying to address the licensing aspect of this with their FLT (FileMaker Licensing for Teams). Under that licensing you get an FMS and a # of connections that you can consume with either Pro, Go or WebD. Not quite at the 50-100 USD range that you are suggesting, more like closer to 200 per user at that lower range of 5 users. But FMS is part of that. I must admit that I don't really get the "$299 x 4" is big bucks for a small business. The cost is never a standalone factor; it is compared to the value of your solution. Either the solution provides value over and beyond the total cost (your fee + licensing) or it doesn't. The size of the company does not really matter; it is the value that they think they can get out of it. It is not an expense but an investment, calculating the ROI is important before buying any system. Perhaps the conversation would go easier if you present it as a total cost without breaking it down into your fee and "oh, here's an additional cost"? Or help them calculate the ROI?
    2 likes
  28. I would think that if you issue unique IDs, you would keep track of them. Anyway, if you want to build a "secure" system, you need to learn some basic rules of security first. I don't need to guess. All I need is to read one of your IDs and I can generate close to 500 others that will pass your verification. For example, given your "937N493X814R" I can generate: 919N493X814R 928N493X814R 946N493X814R 955N493X814R 964N493X814R 973N493X814R 982N493X814R 991N493X814R 919N439X814R 919N448X814R .. and so on.
    2 likes
  29. To select a random number between 1 and 20 (inclusive), use = Int ( Random * 20 ) + 1 Very likely so. Hard to be sure without knowing the purpose (what happens after the selection).
    2 likes
  30. See if the attached demo helps: GenerateItems.fp7
    2 likes
  31. Just as an informational point. Our office moved from an older Mac Pro to the new model, and reports were that there was a noticeable drop in overall performance. It simply did not handle the constant bashing of 60 users very well. We are in the process of getting things ready to be deployed on a server grade server running Windows.
    2 likes
  32. Bruce was not being sarcastic, he was pointing out that you failed to provide us with enough information to help. Lose your anger, we are all volunteers and don’t deserve it. There are many ways to share your script. Here is the Help information on how http://fmhelp.filemaker.com/fmphelp_12/en/html/preview_print.6.6.html Please read this topic by Ocean West Anatomy of a Good Topic
    2 likes
  33. Substitute() is one of the few functions that's case-sensitive, so Substitute ( "filename.jpg" ; ".JPG" ; "" ) will not do anything. That's not necessary. You can nest multiple substitutes within a single Substitute() function call: Substitute ( Filename ; [ "-" ; "/" ] ; [ ".jpg" ; "" ] ) will return "SLT/098/00034" when Filename contains "SLT-098-00034.jpg". If all your file names have the same length, then: Left ( Substitute ( Filename ; "-" ; "/" ) ; 13 ) would do the same thing. If they're not, then you could use: Left ( Substitute ( Filename ; "-" ; "/" ) ; Length ( Filename ) - 4 ) to remove the last 4 characters, no matter what the length is.
    2 likes
  34. Better security = +10 Better WAN/network performance = +10 Adjusted file caching ( fast open times ) = 5 I suppose it's all use-case stuff. But the release seems stable and fast so far. Not to be understated.
    2 likes
  35. I don't think you're doing the update justice. The scripting undo alone will make you smile many times over. I've used it for the a few months now even in beta and I could never go back to not having that. The ESS adapter too should be scored higher because it will allow FMI to deliver updates to ESS features without having to rev the whole product. And you are missing significant pieces of functionality from your list: - significantly improved script workspace: it's subtle but once you worked in it for a few weeks you'll never want to go back to 14 - wildcard and SAN SSL certificates - full admin console support for creating the SSL CSR and importing the cert - top call logging on FMS --> this is a MAJOR sleeper bit of functionality - improved network performance - touch ID for Go and iBeacons
    2 likes
  36. I agree with LaRetta: you clearly have a structural flaw. It seems you need three tables here, let's say: Students -< Assessments >- Deficiencies In the Deficiencies table you would have fields for both a threshold and the phrase to return when the threshold is reached or exceeded. In the Assessments table, you would have a field for the individual numerical assessment and a calculation field to return the corresponding phrase if the assessment is equal to or greater than the corresponding threshold. And in the Students table you would use the List() function to collect all the returned phrases from Assessments. Thus you would avoid the need to hardcode data into field names and calculation formulas. Still, as quick fix for your current structure, try the following calculation: Let ( phrases = List ( If ( Functional math deficits >=1 ; "functional math" ) ; If ( Functional reading deficits >=1 ; "functional reading" ) ; If ( Functional written language deficits >=1 ; "functional written language" ) ; If ( Impaired Theory of Mind >= 1 ; "theory of mind" ) ; If ( Difficulty reading social cues >=1 ; "social skills" ) ; If ( Difficulty sitting attending >= 1 ; "learning behaviors" ) ; If ( Lacks functional living skills >= 1 ; "functional living skills" ) ; If ( Lacks functional play skills >= 1 ; "play skills" ) ; If ( Lacks independent leisure skills >= 1 ; "independent leisure" ) ; If ( Is over 14 lacking vocational skills >= 1 ; "vocational skills" ) ; If ( Student has challenges with expressive language >= 1 ; "expressive language" ) ; If ( Student has significant delays in receptive language >= 1 ; "receptive language" ) ; If ( Gross motor deficits >= 1 ; "gross motor skills" ) ; If ( Fine motor deficits >= 1 ; "fine motor skills" ) ; If ( Need for schedule >= 7 ; "use of visual schedule" ) ; If ( Need for work systems >=7 ; "using work systems and task strips for independent routines") ) ; Substitute ( phrases ; ¶ ; ", " ) ) This will return a comma-separated list of all the phrases whose corresponding field has passes the listed threshold. The problem with your approach, using nested Ifs, is that the calculation exits at the first test that return true. Thus it would have never returned more than one phrase.
    2 likes
  37. Hi Kathryn, welcome to FMForums! None of this should be necessary if you are properly structured. Can you attach your file or provide us a copy of your relational graph? It seems you have questions as FIELDS when questions should be records. If questions were records then one field in the Questions table could handle this translation for you. So until we know what we are working with, we can't really assist you. In general, your calculation should be using Case() instead of If() so it can handle multiple tests. However, that truly is not the best direction ... the best direction is restructuring. We can help you with it. :-)
    2 likes
  38. [ Edit: 3/16/2016 - With the help of some other people, we have been able to recover, or recreate some of the original images from original thread. ] Security is always a big topic when it involves data, or people, or possessions. Recently, over on the FileMaker Community, there was a very beneficial discussion regarding security. Unfortunately, that discussion was the victim of a necessary action...and was deleted. It was deleted, because the discussion was tied to a video that, as was determined throughout the thread, was not beneficial to the overall community of FileMaker users and developers. When that video was removed, the discussion vanished with it. This post is specifically targeted at recompiling that discussion, because at it's core represents an important message that is necessary to convey and support. That is, creating ersatz security systems can introduce security vulnerabilities. In my experience, I have only seen 1 (one) approach that increased security while adding a 2nd factor of authentication. And it was complicated and not easily set up...and in the end, comes with it's own set of drawbacks. One of the main things I took from the below discussion ( and it's a long discussion!! ), is this: What is the point of attempting to add a layer of security that does NOT increase security?! If the approach does not INCREASE security, why would you market the approach as a security technique?! The answer to that is the reason why the video that launched the discussion was deleted. While I had much internal debate about the best way to republish the info from this discussion, in the end I decided ( with much input from others ), that just posting the discussion in it's entirety was the best thing. And in doing so, know I have, as do those that gave their input, nothing but respect for all those involved in the discussion. So that is what follows. One very important note: the discussion is one of learning. And I truly believe that no one involved in the discussion came out looking 'bad'. One could say, 'well yeah Josh, you didn't end up being wrong in the thread, so you don't care'. I assure you, I have been wrong in MANY discussions. In fact, I had a similar discussion with Wim Decorte in another thread several months before this one. As I researched, and tested...I learned not only was I wrong, I learned I NEEDED to change something in my development. Without any further introduction, here is the thread: Original Discussion Thread from Community.FileMaker.com, a Video with an interview with well-respected developer Taylor Sharpe: ================================================================= Date: August 12, 2015 at 5:42 PM ( Date of Original Video Post ) Title: Free Video>>> Two-Factor Authentication w/ Taylor Sharp ================================================================= November 27, 2015 at 8:20 PM by Taylor Sharpe Thank you for your interest in this video. It is an additional tool to the suite of FileMaker Security tools to help improve security. This video shows you how to enhance an already implemented security plan to make it even better by adding hardware verification. This tool has minimal impact on staff and uses tools currently available in FileMaker 14. This video shows how to use hardware verification as the 2nd factor authentication similar to how Google and Apple currently implement it. This tool makes use of the current security standard of verifying hardware with Persistent ID as well as FileMaker tools including a start up script and email or text messaging notifications. Additional advice: In conjunction with two factor authentication, you should make sure you already are following the FileMaker security guidelines. Security is one of the cornerstones of a good solution and you should make use of least privileges necessary for users, appropriate password guidelines, consideration of external authentication services such as Active Directory and Open Directory, client-server SSL encryption with 3rd party authentication, Encryption at Rest, backups (yes, that too is a part of security), and physical security. Caution: This 2nd factor authentication is only designed to work in conjunction with the other FileMaker security tools to enhance security and you should not rely solely on this as a single factor of authentication because it is only a hardware verification. Security is a constantly changing field. If you follow FileMaker’s Security Guidelines, you will have a robust and secure server. Additional security tools like this should be considered, as well as documentation of security controls in a security plan. There are additional tools available such as token passing, plugins with higher level encryption, biometrics, etc., that go beyond what is included with FileMaker that may have merit. At a minimum, you should evaluate your server’s security with some type of review or audit on an annual basis. I wish you all the best and encourage you to make sure an appropriate amount of time is allocated to security when you are developing your solutions. DEMO FILE: Can be found at <sample file> ( link removed ). It is UU encoded, but ready to go with full access for Admin user account and no password. Feel free to make use of the sample file to copy scripts or layouts as you may need. Appropriate credit would be appreciated. Thanks. ================================================================= November 28, 2015 at 7:50 AM by Wim Decorte To be very clear: it is NOT true 2-factor authentication since it relies on the user already been authenticated and allowed into the solution before the 2nd factor comes into play... ================================================================= November 28, 2015 at 2:16 PM by Taylor Sharpe It might be a bit of splitting hairs, but not inaccurate. You are in FileMaker in-so-much as you are logged in and being processed by a start up script for further validation. But a regular user can't escape the script. The way to meet Wim's definition of Two Factor authentication is to have some other program perform that two factor authentication prior to FileMaker's credentials or FileMaker add this security feature and it reside outside of FileMaker scripting and before getting logged in (boy that would be nice, FileMaker, Inc.!). The assumption I was working with is that people are limited to FileMaker tools and you cannot avail yourself of those tools without being inside of a FileMaker solution to run the 2nd factor script. This means things like turning auto abort off. And it is a security improvement over single factor authentication, but it is not invulnerable. For example, someone with Full Access will be able to enable the script debugger and this is a reason to be very limited on who has Full Access and make sure those passwords are strong. Tim Dietrich's FM Authenticator and others have done similar Two Factor authentications with FileMaker, but they all use a startup script like this one and are therefore subject to the vulnerability Wim points out. Just keep in mind that this can be an improvement to security assuming you have fully implemented the FileMaker security guidelines already and this is an ADDITIONAL tool, not an exclusive one. For example, it would be a bad idea to use this 2nd Factor authentication and tell people that they only have to use User ID's, but no passwords. Thank you for the comment Wim. It is good that we all understand how security works and where its weak points are. ================================================================= November 28, 2015 at 6:28 PM by Wim Decorte I don't think it is splitting hairs; it's about calling things what they are. We certainly don't want people going around saying that FM does support 2FA when it does not. I'd hate to be part of a security audit where someone proclaimed that FM does 2FA based on this or a similar approach... As to the level of security: while a user can not escape out of a script by simply pressing ESC, there are ways to stop scripts so relying on a scripted security system does not usually enhance security but rather introduces potential vulnerabilities. ================================================================= November 29, 2015 at 2:47 AM by Taylor Sharpe <Post deleted by Taylor Sharpe> ================================================================= November 29, 2015 at 7:38 AM by Wim Decorte Very disappointed in this reaction. Since when is a difference in opinion "inappropriate and unprofessional"? And I do not appreciate the insinuation that I am not a professional or worthy of working for Soliant Consulting, nowhere in my replies did I ever attack your integrity or the company you work for. If 2FA is a requirement then I would suggest using technologies that do have full & native 2FA: like logging into the OS through 2FA and then use EA for access to the FM application. I do withdraw from this conversation, not because I'm being told to by you, but because once a respectful debate over differing opinions is not welcome, then I do have nothing further to contribute. ================================================================= November 29, 2015 at 7:12 PM by Josh Ormond I am very surprised at this response, having seen the response before it was deleted. The problem that Wim is pointing out is a real issue. We can call something 2FA, but if the person is IN the file after the first factor, for compliance reasons and technical reasons, it really is not 2 Factor Authentication. Because the 1st factor allowed them in, and you can't from there stop them from accessing the file. Simply put, one can easily stop the script from running and add their device as an approved device and access everything in the file. I don't see how that is increasing the security of the file. It only gives a false sense of security. Which leads to larger problems. This file, having never seen it before, took me no more than 15 secs to authorize myself to access the file from any device I want, using nothing more than the tools provided in the file. I only need one-factor to get in now...anytime I login. If one where to promote their solution as a compliant solution using 2FA, they could be opening themselves to hefty fines. As Wim said, if 2FA is required, you need something that prevents you from getting into the file with 2 factors. Though I do like Tony White's response to this discussion in another place: Maybe we should call it "1+1 Factor Authentication". ================================================================= November 29, 2015 at 7:58 PM by Tony White Thanks Joshua Ormond for the shout out. Here is the twitter perma-link to the thread. https://twitter.com/tonywhitelive/status/670721676464779264 I implement security that uses the built in tools and at the same time am open minded to creative ways of adding to security...as long as they successfully address defined use cases. Know the rules and know when you can extend them... On a separate thread I proposed the idea of a security contest with a monetary price. https://community.filemaker.com/message/517290#517290 Interesting topic. Lots of considerations to factor in when coming up with best practices. ================================================================= November 29, 2015 at 8:22 PM by Taylor Sharpe Joshua, I deleted my own response and not FileMaker because I was offended by Wim and the way I worded the response was not professional. My bad and apologies to Wim. I think there can still be a good discussion. Two Factor means that two methods are being used for authentication. Providing additional requirements on what makes another factor a real factor or not does not make it not another Factor even if it is not as robust as other possibilities. Wim does bring up a point about why it is not as robust as other 2nd factor authentication implementations because the 2nd factor is done within the solution and not before you are in the solution. The solution I provide in the video uses the tools available from FileMaker. Within the constraints that FileMaker scripting tools provide us, it is a good security control. That is not to say going outside of FileMaker's tools or asking FileMaker to build a second factor authentication into the application would not be better, but those are not tools readily available to most of the users here. The solution provided improves security and it is a second factor of authenticating even though Wim correctly points out the 2nd factor is done within the solution. The point I am making is that implementing this 2nd factor authentication, even with its limitations, is better than not implementing it. There are a lot of OS level two factor authentication solutions including not only User ID/password, but tokens, or VPNs that would be required before you would have access to the FileMaker solution. They may be worth some discussion here too. But those are beyond what is trying to be addressed in this type of solution. ================================================================= November 29, 2015 at 9:40 PM by Josh Ormond I get the attempt. The concern I have with it is, it required only 1 factor for me to be in the solution and using it. If I didn't provide an email, it let me use the file anyway. Without ever requiring factor 2. In Tim's solution for what he also called 2FA, at least the user was left in a low-level account. But even with that, I could edit and hack the file to pieces. Simply because I could get in. Authentication itself is the process of deciding if someone has authorization for access. Two factor authentication is at it's core really supposed to happen before the person gets in the file. FileMaker doesn't provide a second access control for logging in. Though I do wish they did. It should be a feature request. For reasons exactly like this, the data is at risk once the person is in the file. Even worse, for something that is script driven, I can stop the script from running and there is no trace that I even logged into the file. I'm not hear to add fuel to an argument. Simply to voice a warning that for even a fairly new user, the approach can be easily circumvented...and when it comes to compliance, users/owners/database admins, need to know that. I would hate to see someone get hit with fines because they assumed an add-on security method was "safe". For compliance, there are other ways to secure the file and the data. Security 'add-ons' typically don't add any security. Just another layer of steps to get in. I say this simply because I have see too many solutions that owners thought were 'safe'...to which I was in reading them sensitive data while they were still explaining how to login the 'right way'. And I'm glad to hear why you deleted the post. Both yourself and Wim are worthy of greater respect. ================================================================= November 29, 2015 at 11:00 PM by Taylor Sharpe Josh... I gave you a file with Admin and no password. This is a completely OPEN Admin with Full Access and no password. Of course you got in. You would not have gotten in with one where it automatically logged you in with Admin and Full Access. So you would not have gotten past the first factor, let alone the 2nd. This database was left open as a development tool. Hacking it is as simple as opening it up because it defaults to the Admin with no password. You did not hack into it and your comments to this effect are not helpful to people reading this discussion. It implies you have some ability to defeat this solution when properly implemented and you have not provided any information to show that you have those skills, making me doubt that you can. But I will be glad to provide you a hosted solution properly implemented and be glad to give you a shot at it. OK, that aside, Tim's solution did get you in with a low level User Account instead of whatever account you are in. The reason I went the way I did was because this is supposed to make things easy on staff instead of dealing with multiple logins and multiple passwords. The goal was to improve security while making it easier on the staff. This solution adds significant security with very minimal impact on staff. No it is not a perfect solution, and no control in a database ever is and you are should have many controls in a secure system. Most security plans identify hundreds of controls in every solution. You have to have multiple layers of control from least privileges to encryption. This 2nd Factor is NOT a sole security tool. It is used to enhance security with minimal impact and be easy to implement with the tools FileMaker provides. This control as a 2nd Factor authentication is not perfect and is designed to work in coordination with other security controls. If you know about security plans, you know that most controls have some weaknesses. But you do not dismiss a control that is generally effective because where one control may not stop an intruder, another one will and it is the combined effectiveness of controls that makes the security. Removal of an imperfect control can weaken a security plan and removal of controls has to evaluate whether their imperfection is beneficial compared to not being there at all. I still stand behind this being a simple solution that enhances security with minimal effort and using tools already provided by FileMaker. I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative. ================================================================= November 29, 2015 at 11:19 PM by Josh Ormond I am not dismissing it completely. If some choose to use it, that is part of their own risk assessment. I do challenge the name. Primarily because I can prevent the 2nd factor from ever firing, very very easily. I am aware of how you set up the file, and it's intent. I will assure you my test was thorough. I have tested several of these types of security measure. In some cases businesses decided to continue to use it. It was simply a user "trust" mechanism. In the meantime, we secured the file by other means. Some left it as is. Some abandoned it completely. That would be the owner's decision to make. I will also step of of the conversation. I think there is just a core difference in the thought about what increasing security means. Which is at the heart of the matter. I hope for the best for you. ================================================================= November 30, 2015 at 8:50 AM by Wim Decorte Taylor Sharpe wrote: “I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative.” An improved alternative was already mentioned earlier: do the multi-factor authentication upstream from FileMaker. These security implementations are never done in a vacuum and all angles should be considered, not just how the behaviour can be mimicked in FM. The first thing to be open about with the customer is that FM does not do native multi-form authentication. So the alternatives are: - discuss with the client how 2FA can be done before the solution gets launched and how it can be combined with things like External Authentication for the FM solution. This keeps all authentication strictly at the FM security level and does not add any vulnerabilities. - discuss the security risks of the FM scripted approaches to mimic 2FA and if those are acceptable given the risk appetite of the client and the compliance requirements. If neither are acceptable to the client then FM is probably not the right platform for the solution. ================================================================= November 30, 2015 at 9:38 AM by Taylor Sharpe Josh, I don't think really do understand. But I am more than willing to eat crow if I have misspoken and certainly willing to learn. So I have hosted the file on my development server at <link removed>. Please let me know when you are able to get in and how you did it. Thank you, Wim. I concur with you that an "upstream" approach can be a good one to implement two factor authentication. And most everyone has some type of upstream security even if it is as basic as a User ID and password to get into a computer, but many companies do a lot more such as some form of 2 factor authentication, VPN connection, tokens, etc. I also agree with you Wim, that FM does not have native multi-form authentication at the application level. But that is something us developers can't control, and something I would encourage FileMaker Inc. to consider in future versions. It would be a nice security improvement tool. However, within the tool set available to FM development, the 2 Factor authentication described above works and improves security, and will have a smaller hurdle to implement than most of the suggestions you have made. My goal was to keep things simple with the tools available inside of FM to improve security, and I have met that challenge within those criteria. ================================================================= November 30, 2015 at 9:41 AM by David Zachary I’ve been watching this thread with interest and a degree of amusement. My post may not have any substantive benefit to the thread, but it makes me feel good. It reminds me of when Bill Clinton was going through his impeachment hearings. During an interview he was asked "was it sex?" and straight faced he replied "it all depends on what your definition of 'is' is". This thread has gotten to that point - what is the definition of 2FA? Clearly there are different opinions. Having both parts of a 2FA system inside of a FileMaker solution, while technically 2 factors, is like having an alarm system on your house to compliment the door lock. You feel secure but somebody fast enough with enough skill can still break in and grab something valuable quickly. You've got 2 security measures but still got robbed. The better solution is to have an electrified fence and a moat around your house - everything of value is protected by measures not directly connected to the house. FileMaker security should be the final line of defense, not the first and not the only. Calling a system that has both factors inside of the target database as supporting 2FA is dodgy unless all parties are using the same definition of what 2FA is - while you say its 2FA, any client that has to follow government or corporate-defined 2FA specifications will likely disagree. I'm not going to repeat what others have said (too much), but FileMaker does not natively support a 2FA system. You have to do it elsewhere. If your data requires that level of security, you need to look at supplementing the security infrastructure outside of FileMaker, long before an intruder gets to the FileMaker-level. Thankfully Stephen Blackwell isn't on here much anymore. He would have probably had a stroke by now. His views on custom-developed security methods are well documented. Back to watching from the sidelines. ================================================================= November 30, 2015 at 10:09 AM by Josh Ormond I understand both the intent of what you are arguing for, and have in the past felt the same way. However, I think you misunderstand me. FileMaker's own built-in security is in itself the strongest security you can get with FileMaker. By turning on EAR, securing the physical server, setting up proper privilege sets and users, and limiting the ability to edit/create/delete privilege sets, and by using Extended Privileges, and in many cases using EA...you are secure and safe with your data. With that, without the user name and password, one can NOT get into a hosted file remotely. That is one of the great parts of FM security. And you know that part as well. What I am saying...the average user can stop your second factor, very easily...so it does not enhance the security. I have seen so many poorly implemented security add-ons in FM. Because the developer or user was trying to imitate another security functionality. It looked like they were enforcing 2FA...but in reality not even one of the users actually ever completed the 2nd factor. In essence, it feels like putting a second deadbolt on your door, but putting the lock handle ( normally inside ) on the OUTSIDE. It doesn't do anything, other than give some more strength to the door...so someone would have a more difficult time kicking in the door. But if someone already has the key for the other deadbolt...they simply spin the lock handle and walk in. Zero added security. In this case I need to nothing other than stop the script from running. So with a log in, I can log in from ANY device. Not to mention there are serious problems with Get ( PersistentID ) on Windows, so it's simply not reliable. ================================================================= November 30, 2015 at 10:19 AM by Taylor Sharpe OK, Josh, this moves us forward some and thanks for the comments. How about this, what if I put a non-Full Access User account in that File. Are you able to defeat the 2nd factor? For example, I just added a "Josh" account with no password and it is set for the privilege set "Data Entry Only", but has no authorized devices. Also, I'm interested in learning more about the problems with Get ( PersistentID ) on Windows. ================================================================= November 30, 2015 at 10:32 AM by David Jondreau “without the user name and password, one can NOT get into a hosted file remotely." That is the whole point of 2FA. You can put all the locks on the doors you want, but if your user leaves the key under the mat, your file is compromised. 2FA is not some miracle security feature. It simply is a philosophy that to improve security, users should have 2 of 3 different things: something they know (username/pass); something they have (a specific cell phone); and/or something they are (a fingerprint). Yes, the line between some of these categories is blurry, but the point isn't to get involved in a semantic debate of whether a fingerprint is something you are or something you have. The point is to improve security. I have not watched Taylor's video (I hate watching videos). But I have looked at the sample file, which in my opinion, doesn't do a great job at improving security since the only user account is full access. But it's a sample, for developers to look at, so it's not a real world scenario. And maybe there's more in the video. Regardless, the point is the file already requires a username and password. Taylor is *already* doing the minimum of requiring one factor (something you know). He is adding on an additional "factor" of a device. Is the implementation effective? I'm not sure, but I certainly don't see where the criticism of the underlying principle is coming from. ================================================================= November 30, 2015 at 10:46 AM by Josh Ormond 6 Months ago, I would have written the same thing you did. However, having seen a similar 2FA system implemented and relied on in a medical environment, unless there is something else involved does not meet some of the compliance standards. Penalty fees are typically based on the number records. I have seen customers get fees into the $10s of thousands of dollars as a result. That is the primary reason for the strong reaction. If a customer wants to use it, that's up to them. I'm not opposed to it, as long as the purpose is to simply increase security. The reference to leaving the key out is a user thing. I am referencing the developer actions. The user behavior is a separate issue from file security. ================================================================= November 30, 2015 at 10:49 AM by Josh Ormond With the current setup, the data-entry account can't even fire the startup script. So even with an authorized device, one could not get in. ================================================================= November 30, 2015 at 11:01 AM by Taylor Sharpe Oh, you are right, Josh. I didn't give the Data Entry fmapp extended privilege set. I have fixed that now. ================================================================= November 30, 2015 at 11:18 AM by Richard Carlton Very interesting. Taylor, ideally you wouldn't spray the table of secure data on screen... but I guess that makes the hack that much more interesting. LOL! I guess we have Taylor's 2nd authentication. So the challenge now is to stop the script and get access to the file... or otherwise spoof it with Taylor's info. Josh, if you know how to hack this... that would be alternately cool... and also scary to see. Its not immediately obvious to me how to stop the script engine. I am genuinely curious how you do this. I think for the point of the exercise... we should assume EAR is enabled... and so reading network traffic with a packet analyser won't work. - RC ================================================================= November 30, 2015 at 11:29 AM by Taylor Sharpe Richard, yes, I didn't mean to mess that up for Josh, but it is fixed now so the Josh account can get in and I did it to confirm it works. And, yes, EAR has been done, SSL 3rd party encryption is on, and using FileMaker Security (not AD/OD). Running on FMS 14.0.4 on a Mac OS X 10.11.1 Mac Pro Black Cylinder. ================================================================= November 30, 2015 at 11:41 AM by Richard Carlton Ok... well... let's make it fun. I'll put up $200 for anyone who can hack the file and get into it in a meaningful way. Read only access would be good enough... to be able to read another layout with data on it. To Win, you must be able to do a screen share to demonstrate how you hacked the file... and I get to interview the winner. Then you get the $200 USD. - RC ================================================================= November 30, 2015 at 12:40 PM by Josh Ormond Dangerous. You are going to owe me $200. Note, not only did I get in, I authorized myself for future log-ins, and altered other data. And if I wanted to be nasty, I can lock everyone out by hosing the PersistentID. Did you want to see the Device Access also? ================================================================= November 30, 2015 at 12:43 PM by Josh Ormond Here are the approved devices also. Note in both of these screen shots, the Persistent ID isn't not even the one from my machine..it still lets me in. ================================================================= November 30, 2015 at 12:53 PM by Wim Decorte Ha, you beat me by about 10 minutes. In case someone wants the data in excel... Information copy.xlsx ================================================================= November 30, 2015 at 1:31 PM by Taylor Sharpe OK, good job Josh and Wim, in breaking the 2nd factor. I guess this means you got around the Allow User Abort Off, which I am not sure how that is done. Would you like to share with us how you did that step? I just want to learn more about this and kudos to both of you. Lets just make this a learning thing. Thanks. ================================================================= November 30, 2015 at 1:41 PM by Wim Decorte Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of bigger message that is being worked on; so "not yet". For now the focus point is on not trying to roll your own security using tables and scripts. Stick with the native FM features. Your first factor works like it should. ================================================================= November 30, 2015 at 1:43 PM by Richard Carlton Hi Josh, I wouldn't say $200 if I didn't mean it. LOL. Hell, I frequently give cash away to presentations to make sure people are not sleeping. :-) Please arrange to call me to discuss. - RC ================================================================= November 30, 2015 at 1:46 PM by Josh Ormond Will you be at DevCon next year? Maybe we can show you in person. Definitely not something I would post in a public forum. The main thing is that anything you allow me to do in the privilege set is the only thing that determines what I can and can not do. Scripts do not prevent anything. Obscurity does not prevent anything. ================================================================= November 30, 2015 at 1:48 PM by Taylor Sharpe wimdecorte wrote: “Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of bigger message that is being worked on; so ‘not yet’.” Take your time... I just want to learn and make sure others are learning too. Your input is appreciated. ================================================================= November 30, 2015 at 1:50 PM by Richard Carlton Frankly...this is an excellent conversation. I like it... as it allows for valuable knowledge sharing. Just telling people "don't do it"... isn't always the best way. - RC ================================================================= November 30, 2015 at 2:03 PM by Josh Ormond This is a good, brief read. And also has a link to Stephen Blackwell's info on the FMPug site. http://fmforums.com/blogs/entry/830-an-exploit-based-approach-to-providing-filemaker-platform-security/ ================================================================= November 30, 2015 at 2:04 PM by Wim Decorte Richard Carlton wrote: “Just telling people ‘don't do it’… isn't always the best way.” Yep. The "why" has been covered many many times however. Steven Blackwell has talked about this at many devcons for instance. ================================================================= November 30, 2015 at 2:18 PM by Taylor Sharpe Yes, what was stumping me was I understood how Wim got in looking at tables. I didn't understand how Josh saw the actual layouts since he posted a picture of it. Anyway, I've changed the Security "File Access" to require full access privileges to use references to this file. So that would fix that vulnerability and it is a good point to remind people about before moving a database into production. And Wim reminds us that Mr. Blackwell shows us this technique at Devcon and he did this past summer too. It does make you wonder if that should start to become a default setting on new files. ================================================================= November 30, 2015 at 2:19 PM by Taylor Sharpe oh, when I reposted it with the fix, I removed Josh and created Wim with no password. ================================================================= November 30, 2015 at 2:25 PM by Richard Carlton Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days. ================================================================= November 30, 2015 at 2:43 PM by Richard Carlton Cash Payment Made $200 to Josh!!! I always make good on our contests. ================================================================= November 30, 2015 at 3:33 PM by Wim Decorte Richard Carlton wrote: “Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days.” Agreed. The whole security interface needs to become more intuitive and complete. Note that closing this particular hole does not make the scripted 2nd factor safe though I'm traveling this week so I won't have to play with this anymore until the end of the week. ================================================================= November 30, 2015 at 3:45 PM by David Jondreau I can think of at least 3 ways in. I'm not sure what Josh and Wim have been up to, but one was File Access. The second I'm still playing around with and it may be similar to Josh. The third is a much bigger deal. ================================================================= November 30, 2015 at 5:48 PM by Richard Carlton Yeah... the File Access Trust features should have been enabled. Thats low hanging fruit. The rest of these are more interesting. - RC ================================================================= November 30, 2015 at 6:15 PM by Matt Petrowsky What I've got to say is tangential to the immediate topic, but I've been wanting to say it for a while. I've been stewing on this whole "ersatz" security thing for quite a while. While I will fully agree with advising the general developer population about not creating their own login system, there are times and places where it's warranted. In particular, if you are wanting to use FileMaker as a development tool for end-user solutions where you really don't want to deal with FileMaker's account limitations. To that end. I'm posting a PDF I just created about the security model I use on systems where I DO create my own ersatz login system. Poke holes in it and tell me where you think it might fail. I think it's pretty robust - since it simply emulates the whole login system of most modern software. Please review and send feedback. I can start another thread, but I see that the people who are here now will see this and provide me with feedback. The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure. I make the analogy that if I can go to your web site and see some stuff then it's no different than opening a FileMaker file and being able to see some stuff. Moving from one level of access to another always boils down to one line of code somewhere. I look at FileMaker the same way. I can let you into my file, but I won't let you do or see anything I don't want you to. Check out the attached PDF and tell me what you think. https://dl.dropboxusercontent.com/u/1211710/Secure%20FileMaker%20Login%202015-11-30.pdf ================================================================= November 30, 2015 at 6:46 PM by Taylor Sharpe Good read, Matt. I've just been through it once and it seems very thorough. I'll have to chew on it a bit to see if I can think of other things. While sticking with FileMaker security is the safest and easiest, I know there are some times when we need something different. While this seems very foreign to FM, it actually is rather common in SQL engines to have stored User ID's and hashed passwords and maintain privilege sets, etc. One real benefit of FileMaker is how strong and simple their built in security is integrated into a solution and how much harder it is to do in other systems where security isn't built in. Thanks for the PDF, Matt, and I'll be doing some more reading on it. ================================================================= November 30, 2015 at 8:46 PM by Josh Ormond Lots of good stuff there Matt. There are probably a few ( very few ) developers in the community that I think could execute something that is very secure. But I have only ever seen 1 such system as of yet, and it was way outside of normal thought. And unfortunately, from a developer that is not longer active anywhere and their email is defunct. When I had seen the file 6 years ago or so, I was too much of a newbie to know exactly what I was looking at. The issue, even for the best of developers, that I see is...in 6 months, you have changed your approach for things slightly. It requires a complete rework ( or reminder ) of your security settings to ensure you don't open a hole. With any restriction that is imposed via script, it can be completely circumvented and data viewed/stored outside of the database. It's clearly something that is on the mind of any developer of any platform. But all one needs is the privilege set to allow the user to view data. I definitely see a great need for a more robust security scheme. I would like to see native 2FA in FileMaker. That is at the top of my list. Outside of that, FM security and Extended Privileges, and External Authentication have served me for almost everything I've needed. ================================================================= November 30, 2015 at 9:57 PM by Wim Decorte Matt Petrowsky wrote: “The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure.” Hi Matt, In that "knowing" lies the conundrum, right? To loosely quote Mark Twain: "It is not what you don't know that hurts you, it is what you know that isn't so". I think the overall discussion would be much easier if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model. That acknowledgment is what I do not find enough in these discussions. There is a long-standing myth that pretty much any ersatz security model is just as secure or even more secure than the native security features. And that is simply not so. As this thread has proven. I am on the road right now so I have not had a chance to review your document. Will do so and then return to this thread. ================================================================= November 30, 2015 at 11:04 PM by David Jondreau I have some warnings to give, but am not going to post publicly. I'm trying to send a private message, but it's not going through. I'll try again after posting this... Taylor, you've made some changes to the server since this afternoon. That's the first step. To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover. https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9612- 19278/Screen+Shot+2015-11-30+at+1.51.48+PM.png <image lost> ================================================================= November 30, 2015 at 11:59 PM by Matt Petrowsky Wim Decorte said: “if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model.” Exactly my point in providing the information I did in the PDF link. I look forward to your feedback on it! ================================================================= December 1, 2015 at 12:23 AM by Taylor Sharpe David Jondreau wrote: “Taylor, you've made some changes to the server since this afternoon. That's the first step.” To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover. https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9602- 19267/Screen+Shot+2015-11-30+at+1.51.48+PM.png <image lost> The only change I made was with the easy way you can use a TO in another solution to see data in the original solution if you have the same User ID/password and that had already been provided. So all we did was change the File Access security so you can't add a table from another solution without Full Access. David... good example of how ExecuteSQL can be used to view things in the data viewer and it does give you access to schema. That lets you read data, but doesn't let you change it and not sure how this would be used to stop the Persistent ID verification. But clearly that is something that in the security world you don't want done. I guess this is why Tim Dietrich's system had an intermediary user ID log in for the Persistent ID verification and that User ID had very limited table access and only to verify the Persistent ID and connect with a User and their Email. You would be in the solution as Wim notes, but not at your normal User ID access level. And upon verification, have a re-login with your normal User credentials. And that would be a better solution. Thanks for the thoughtful input. ================================================================= December 1, 2015 at 1:03 AM by David Jondreau Hmmm...You've made other changes to your server. Not to that file per se...but I'll save that for a private message. Point is I can see all the data that user has access to. I can't change it. But I can easily view any data. And that took less than a minute. There are other points about how to change data that I'll put in a private message as well. ================================================================= December 1, 2015 at 2:51 AM by David Jondreau And here's my entry... ================================================================= December 1, 2015 at 9:06 AM by Taylor Sharpe Impressive David to see the Persistent ID script hack. I'm more interested in this hack than the File Access one since I already knew about it. But you got through with File Access turned off. Kudos. ================================================================= December 1, 2015 at 9:12 AM by Josh Ormond Any time the privilege set allows the user to be able to edit the data, any of the external APIs will allow the user to edit the data. Even with this item fixed, the user can still view the data and extract it. The strongest security in FM is FM's own privilege sets. As the conversation with Matt and Wim brings out, there are ways to MOSTLY secure the file. However, one needs to be aware of the risk and then decided through a risk assessment if it's worth it to take on that risk by using an ersatz model. It's difficult to claim that an ersatz model "increases" security. Because there are too many variables in a solution to claim that. If it's a workflow you want to include, that's one thing. Touting it as a security model, well, that makes me uneasy. ================================================================= December 1, 2015 at 5:26 PM by Taylor Sharpe +1 Josh ================================================================= December 4, 2015 at 12:18 AM by Josh Ormond I read a very funny post today. Truth, but funny. http://fmforums.com/topic/98626-password-to-continue-script/#comment-448504 Here is the part of the post that touched me funny. Kris M wrote: “Implementing a security feature using scripts and stored credentials is problematic. Its like whack-a-mole to cover all the potential threat vectors.”
    2 likes
  39. 2 likes
  40. Add the following variable definition: pad = Substitute ( 10^prec - 1 ; "9" ; "0" ) then replace this line: dec & Right ( 10^prec & y ; prec ) with: dec & Right ( pad & y ; prec )
    2 likes
  41. This is not a matter for a calculation, but for a relationship. To make it easy, I would suggest you structure your PriceMatrix table a little differently: FromQty Price 1 $1.00 101 $0.90 201 $0.85 Then define a relationship between Lineitems and (another occurrence of) PriceMatrix as: LineItems::SKU = PriceMatrix 2::SKU AND LineItems::Quantity ≥ PriceMatrix 2::FromQty and sort the records from PriceMatrix 2 by FromQty, descending. With this in place, you can lookup the price into a field in LineItems, and then do a simple multiplication.
    2 likes
  42. He asked about a script step in the Scripts forum. I think the question was sufficiently precise. The solution is not as simple as a script step, it's more of a project that you'll have to build or buy. It will be a bit of a challenge to build if you're a novice, but would be a great learning exercise. I'd start here: http://clickworks.be/en/trigger-script-another-client Or another tutorial here: http://filemakerinspirations.com/2011/08/instant-messaging-in-filemaker-no-plugins-or-internet-access-required/ There are a few such solutions that you can buy, such as FMChat from seedcode.com. You could also use plug-ins for this, such as Troi Activator or 360Works RemoteScripter. Or you could just use slack!
    2 likes
  43. Groan... let's not repeat the whole TechNet discussion here again... https://community.filemaker.com/thread/153634 There is no "instead". There is no: "it is only this or that". That's too basic and does not do justice to the whole security debate. FMI have given us fair warning about an upcoming change. There is no immediate doom-and-gloom. For those of us who were not thinking about the risks of shared hosting: this is a wake-up call. Nothing bad is going to happen in the next 5 minutes. But you should be thinking about what the implications are. Those risks have not suddenly changed. Nor do they apply to all deployments, nor do they carry the same potential effect across all solutions. Is FMI going to sell more server licenses because of this: yes. Are they going to get more revenue out of that: don't know. Perhaps not. So let's not pretend that we know what the revenue stream is going to be. I don't know, you don't know.
    2 likes
  44. It is possible using a little CWP to pass the parameter into FM. I blogged about how to do it in webdirect for 13 here: http://www.soliantconsulting.com/blog/2015/01/extending-webdirect-url-parameters The same technique could work with IWP, however. Hope this helps Mike
    2 likes
  45. I don't think that's a good idea. Your report should work with whatever happens to be the found set. Relationships ignore found sets. If you wanted to omit certain products from your report, the totals fetched via a relationship would be incorrect. Here's a demo showing the repeating calculation field method. Note that this will always show the totals for all currencies in the value list. SplitAmountsR.fp7
    2 likes
  46. On the one hand, I sympathize. It's frustrating to be misunderstood, or feel that you are, and frustrating to not understand. On the other hand, it's fairly common when trying to help someone on this forum, that I have to expend quite a bit of effort on getting enough information to do so. It's like pulling teeth sometimes. That's why many of my answers are prefaced with, "if by X you mean Y..." Or I'll ask a direct question and get a response to a completely different question. Or someone assumes that everyone will know what they mean when they say, "I've got a standard flurbitty form to track my blurbitty bloops."1 As for terminology, we're not just being pedantic2 when we use database-specific or FileMaker-specific language. We have to agree on the meaning of the terms we use or we'll end up going around in circles. So it might come off as arrant pedantry and over-zealous adherence to 'Definition' -- but consider that we might feel it's necessary to define our terms before we can zero in on the elusive 'Meaning.' 1Not pointing fingers at any specific member here! 2Speaking for myself. PS: I'd say a relationship is more like a query, or a Find request in FileMaker terms, than a found set.
    2 likes
  47. I could not disagree more. You make it sound like there is a "them and us" here, and it seems to imply an unwillingness to share or help. When I started out 25 years ago, it was forums like these that helped me through the learning curve, get the lingo right and the concepts straight. It didn't help me much that my mindset was in another place (I came from an an all-Access, VB6 background). But once I got through the initial humps, I was good to go, to the point that I'd like to think that I'm helping others get through those same growing pains more quickly. To your point: a relationship can result in a found set, but it does not have to... The relationship is a concept, the found set is a possible outcome. You can also reach out to a relationship and get just get one record, without ever having to construct the whole found set. I sorta get what you are saying, sometimes you need these "aha!" moments to break through a glass ceiling. But - please - do not make it sound like anyone here is NOT willing to help. Styles will vary, and posts are like email: a very poor medium with very low bandwidth to convey sometimes complex things. So if you get an answer that you feel does not get you further, rephrase and ask again, or ask for clarification. But do NOT attack the people that are trying to help you, in their own free time, gratis, for free, out of the goodness of their hearts, willingly,...
    2 likes
  48. @webko nailed it. You might want to google "database party model" as this is a database design problem that comes up a lot. As a rule of thumb, when there's people involved, you're going to need a people (or "Person") table. Then, if you need the kind of functionality you described, you'll make a "Party" table (aka Billing Entity). Welcome to the forums.
    2 likes
  49. You placed the gYear field on the layout. You labeled it Sort Date You entered not only the wrong year; but a not "year" value at all. Instead, you entered a strange date: 10/18/3565. If you set up the fields properly, you get what appears to be a correct result.
    2 likes
  50. In the Dropbox app, tap on the file and then on the 'share' button... You will see the option to 'Open in...' Tap that, and you will see 'Copy to FileMaker Go'... Tap that and the file will be copied into FileMaker Go and opened... See attached...
    2 likes