igotit Posted January 5, 2008 Share Posted January 5, 2008 Hi Guys, I've been following this thread with interest and have a question. With FMP9A you can remove the full access account and it's my understanding once that's done no one can hack your solution. Is this correct? If that is correct and you've built a custom solution for a customer. What's wrong with providing that customer with the solution with "full access removed" and then when you update the solution or make changes, again provide it "full access removed" and import from the old solution into the new? Wouldn't that stop someone from hacking your solution as far as access to calculation, scripts etc? Milo Link to comment Share on other sites More sharing options...
Genx Posted January 6, 2008 Author Share Posted January 6, 2008 With FMP9A you can remove the full access account and it's my understanding once that's done no one can hack your solution. This has been available from at least FMP7 Developer. Wouldn't that stop someone from hacking your solution as far as access to calculation, scripts etc? Yes, provided none of the privilege sets that you leave in the files have access to these things. Link to comment Share on other sites More sharing options...
berny Posted January 9, 2008 Share Posted January 9, 2008 Hi Genx, I have a solution where I would need to provide several different custom re-logins (dependent on where in the DB the user is). I have looked at the example in this thread for this reason, but am unable to find out how you generated the custom login at all. And I am unable to crack it. Can you help me and provide an open example of just the custom login? Best wishes, Berny Link to comment Share on other sites More sharing options...
Leather Knight Posted January 9, 2008 Share Posted January 9, 2008 Berny, please read a few back. Genx said it is a futile attempt. No matter what you do with a custom login screen, it will open you up to headaches. I have tried as well, and would love a secure option to do this, but it is not available. It WILL be hacked if you do. I may be wrong at this point, been known to be wrong from time to time, (just ask the wife... ) but if it is possible to achieve a custom login screen and have it secure, Genx and Ann will be the ones to do it... Link to comment Share on other sites More sharing options...
Genx Posted June 30, 2008 Author Share Posted June 30, 2008 Lol, surely the number of hits on this topic should tell FM something. Of all the open source solutions ever posted this one has the most hits and it doesn't even work hehehe. Link to comment Share on other sites More sharing options...
librone Posted June 30, 2008 Share Posted June 30, 2008 Hi Genx, we can do more, 16000 hits are possible. Are you ready? : Ann Link to comment Share on other sites More sharing options...
Josh Ormond Posted January 22, 2009 Share Posted January 22, 2009 No matter what you do with a custom login screen, it will open you up to headaches. I have tried as well, and would love a secure option to do this, but it is not available. It WILL be hacked if you do. I may be wrong at this point, been known to be wrong from time to time, (just ask the wife... : ) but if it is possible to achieve a custom login screen and have it secure, Genx and Ann will be the ones to do it... I thought I would bring this back up again. You have all talked about cracking a file that you have direct access to. Unless I am wrong, almost any file can be hacked some way if you have direct access to a file...Even through FM's native login. As Ann had shown, with the use of passware. What about files you don't have access to...sitting on a server. The biggest part of security isn't just the file's security, but the access to the file. Network security is much more reliable than file security. In a situation like that, how easy is it to break into? Here is a file I haven't seen anyone get into yet. (Note: again not talking about having direct access to the file, because of course then there is a way.) This file is from a well known developer. Can you crack into it when you don't have direct access to the file? SecureLogin.zip Link to comment Share on other sites More sharing options...
Josh Ormond Posted January 22, 2009 Share Posted January 22, 2009 No takers??? Link to comment Share on other sites More sharing options...
librone Posted January 25, 2009 Share Posted January 25, 2009 Can you crack into it when you don't have direct access to the file? Yes! I crack it without passware. Ann Link to comment Share on other sites More sharing options...
Genx Posted January 25, 2009 Author Share Posted January 25, 2009 Hahahaha... haha.. ha... sigh. Link to comment Share on other sites More sharing options...
librone Posted January 25, 2009 Share Posted January 25, 2009 Hi Genx jmormond's file is more simple to crack that your file. Ann Link to comment Share on other sites More sharing options...
Genx Posted January 25, 2009 Author Share Posted January 25, 2009 Lol, I don't even remember what i did. I gave up a looong time ago : Link to comment Share on other sites More sharing options...
Josh Ormond Posted January 25, 2009 Share Posted January 25, 2009 (edited) You mind telling me how? Hi Genx jmormond's file is more simple to crack that your file. And the best part is...it's not even my file!!! :girlgiggle: Some don't agree with me when I tell them that these custom logins don't offer enough security to be useful. I am trying give them the proof they need. Edited January 25, 2009 by Guest Link to comment Share on other sites More sharing options...
librone Posted January 25, 2009 Share Posted January 25, 2009 You mind telling me how? first you tell me who is "a well known developer." Ann Link to comment Share on other sites More sharing options...
Josh Ormond Posted January 25, 2009 Share Posted January 25, 2009 I PT who it was. I kinda semi-challenged his idea on accident. He would probably like to know how it was done. He posted that file on another forum for "analysis". Link to comment Share on other sites More sharing options...
librone Posted January 25, 2009 Share Posted January 25, 2009 He would probably like to know how it was done. He made a mistake, He has left the "secret layout" available to "default account" He posted that file on another forum for "analysis". It is not necessary, in this forum there are many developers that can crack "his" file. Ann Link to comment Share on other sites More sharing options...
Leather Knight Posted April 15, 2009 Share Posted April 15, 2009 Hmmm... Ok.. How about this idea. Is there a way to have an app that will ask for a login name and password, then record the time and date the user logged in, keeping in mind that security is really not an issue, per say, but the permissions for all users are the same? IE: User opens up app and the screen pops up asking for a user name and password. If fails, closes app. If passes, opens up the screen. Also users are added easily and all be done from the runtime? Link to comment Share on other sites More sharing options...
Newbies jackhollow Posted April 18, 2009 Newbies Share Posted April 18, 2009 The above thought is smart and doesn’t require any further addition. It’s perfect thought from my side jack hollow data entry jobs in london Link to comment Share on other sites More sharing options...
Genx Posted April 18, 2009 Author Share Posted April 18, 2009 Okay given that I started this tread, adding my 2c from two years later... WHY!?!?! Just use the standard login prompt. I've seen some systems that are very painful to look at since this thread started, and the truth is users DON'T really care... at all... seriously. A good login screen would be awesome, but if you need to go through a whole bunch of convoluted steps to achieve it and compromise security along the way there's no real point. If you want a custom login screen and anything else that is out of FileMaker's reach, swap to a programming language that gives you the flexibility to integrate one. Otherwise just give up on it until FM integrate it [which I've resolved deep in my soul that they probably won't]. Link to comment Share on other sites More sharing options...
librone Posted April 25, 2009 Share Posted April 25, 2009 Hmmm... Ok.. How about this idea. Is there a way to have an app that will ask for a login name and password, then record the time and date the user logged in, keeping in mind that security is really not an issue, per say, but the permissions for all users are the same? IE: User opens up app and the screen pops up asking for a user name and password. If fails, closes app. If passes, opens up the screen. Also users are added easily and all be done from the runtime? now, there is not a usefull way! I hope 11...12...13.. Ann Link to comment Share on other sites More sharing options...
Recommended Posts