Security Concepts

Hi, all. The IT department that oversees FileMaker where I work (a non-IT dept at a public university) has long had an adversarial stance re: FM and data security and has now decided to remove the local FM server in use in the next few months. Unfortunately, I don't have any details at the moment as to what the security issue(s) is/are being cited, and I'm not aware of a security breach. I'm a little fuzzy on the sign-in protocol for the FM solutions hosted on our server (SSO? but it utilizes the university's credential validation process) that we were set up with, so I plan to re-post with that info, when/if I find out more about the currently-vague security issue(s…

Greets, all: We're in the process of setting up a WebDirect connection for clients to view and register for courses that our department's Professional Development staff offer to local school personnel (...with the ability to pay for those same courses online, but that's coming later). School staff will be able to sign in using their ADFS/Active Directory credentials, whereas non-school personnel will create their own login credentials that'll be stored in their personal CLIENT record. Where I'm stuck is by what mechanism should clients log in? Since we'll have both AD-credential'd and non-AD-credential'd clients, should I create a standalone login database that …

I am really struggling with this and feel that I must have hit a bug. I have duplicated the Data-Entry Privilege Set (PS). I assign my new PS to a user and login as them. All fine, my layout appears as it should, however, I get the option to 'Edit Layout'. So, I return to edit my PS and change the Layout access from modifiable to view only. After logging back in, I get what looks like 'Kiosk mode' (see first image). Whereby, I have my layout open in the centre of the screen, surrounded by a black background that fills the screen and no menu bar. Am I missing something fundamental? Running on FMP 19.4.2.204 on Mac Monterey (12.2.1), but I can confir…

my goal is a passwordless login for FileMaker hosted on server 19. I setup Keycloak on a Raspberry Pi 4 running Ubuntu 20.04 and never got it to work mostly because I have never before ventured into this area. I read about others who tried and failed to get this up and running on a local network. My ISP does not provide me with a static IP, so I cannot easily get a domain name. I must apologize ahead of time for asking some questions that will surely point out my ignorance. What is "t4g.small instance with Ubuntu 20.04" on AWS? How much does it cost for 100 users for a year? Can Keycloak be run on a Raspberry Pi 4 in production? (I never did see its performance afte…

Hello everyone, I am a novice so I need some help. I have created 2 fmp files with thousands of records and a big db that works with together. Some fields works with both files. Now inside every records I have... 30 more or less fields that I want to be seen just by me. It is a production card and there is a part (the one with 30 field) with the costs. I need to give this two files to my production manager but I don't want him to see these fields. Is there any chanche to protect the single fields inside the records? I dont want to protect the records but the single fields inside it. Any help? Thank you!

Someone else may have already done this, but I want to share something I have written. This is a script to obtain the "Microsoft Windows Login Name". I hope this is useful to someone. It has solved a problem for me.

Our company still uses FMP 11 Advanced because hosting online via IWP is much, much cheaper than hosting with a modern version of FMP. Currently, we pay double to have two different FMP 11 databases hosted online. One database contains 900 records and is open to the public with no password, and the other has several thousand records and requires a password. In hopes of cutting our hosting cost in half, I would like to combine the two databases into one database, such that we need only pay to host 1 database. But our need to password protect certain records remains. In other words, I want to put the content that doesn't require a password inside the FMP da…

Hello All, I have a very old script (fmp 10?) that creates User Accounts and assigns Privilege Sets. The users are then able to Login via WebDirect (primarily). The Add Account function is used with the following parameters: Add Account [ Account Name: _Parent Data::Parent1_Email_TrimAndRemoveReturns; Password: _Parent Data:: Parent1_WebPassword; Privilege Set: Web_User ] [ Expire password ] The Password is temporary (for first login only) that is randomly generated via Custom Function. Users are required to change their password on first login. The account is created but for some reason the user cannot Login via Webdirect or Client (Invalid …

I originally wrote this Filemaker database in 2003. I have a routine that sends emails to a found list of people - small list of 1-15 is typical. This has worked for 17 years, now suddenly I am getting the error message: Unable to login into the SMTP server I have checked and rechecked the SMTP server settings against Gmail.com recommended settings. Everything was correct and I didn't have to change anything, but still same error message. FYI, I have tried several suggestions of "no password", different protocol, default port 25, etc, etc, etc., but nothing. My current settings are: outgoing SMTP server: smtp.gmail.com port: 465 connecti…

I'm trying to rethink how I can safely store/access user credentials needed to send mail via SMTP from FileMaker. In solutions I've built prior to the current one I've stored them in a table and used FM's security features to limit access to them. I'm curious if anyone's come up with a better way of dealing with credentials that are required by services called by FileMaker. If so, please let me know. Thanks in advance! -Kent

Hello, I need to be able to prevent edit a field "Email" for users in a privilege "Appusers" if the result of a calculation in a record is true. Privilege = Appusers Fields = Applications::Email, Applications::Signature / Calculation = not IsEmpty (Applications::Signature) I tried to do this in Custom Record Privileges / Field Access / Custom Field Privileges, but there is no way to use a calculation here. Please help me find how or literature that explains how to accomplish this. Thanks

I am running FileMaker Pro Advanced 18.0.3.317. on an iMac with the current 10.15.5 OS. When I return to the iMac after, e.g., 30 minutes away, FileMaker asks me for my User ID and Password again. I cannot find a way to stop this or to extend the time to 4-8 hours, for example. There either isn't a consistent pattern or I haven't been able to tag it, sometimes FileMaker seems not to ask me for the User ID when I have been away a while. Any thoughts/hints would be appreciated. Thanks, David

FMP18 asking for password to open file, but FMP16 does not ask for password to open same file. Both have same user name in preferences. I don't know the password. Starting with FMP12, I have not had a need to use password protected files, and don't know how to resolve this problem.

Hi Everyone, Looking for a bit of advice - I'm using FMP16 on two computers here at my place. I host the DB and then a person who comes in to work for me uses Open Remote to access the DB on the computer that she's working on (my second computer, both Macs). I've had no end of problems with this - the DB is very slow on her computer. I've worked around that a number of ways, but each one falls down sooner or later. Anyway - the issue is that she needs to be in here this week, while I'm not able to be here. The last time this happened, the DB ground to a complete halt, everything was so incredibly slow, that I paid her for a half day of doing nothing, essentially…

Good morning I was wondering if anyone had template for a basic home accounts sytem or the schema for the databases. Thanks again.

Is it possible to create a privilege set that will allow editing of layouts? Each time I try the manage layouts menu and edit layout button are greyed out. I have to log in as a full access admin user in order to edit.

Hi everyone, I'm working on an existing database of customers (more than 10 000) Managers want to limite access with condition customer account manager (field in each records) = Connected user But all the customers are in one table so when performing search query, all records are displayed. I tried to set permissions but user saw <record missing> for record they don't have access. It's not really clean for UX. So how do you manage this ? With a script for each query ? Thanks Tom

Hi there, Whenever I create a new privilege set (or use a standard one such as [Read-only access]) the status toolbar disappears. "Available menu commands" read: all. Only in full access it works properly. Can some please advise? grtz Frans

Hi all As per our migration of our FileMaker Server to the cloud, we are essentially exposing it to the Internet. We have locked down vulnerabilities to the best of our knowledge, e.g. with the use of MFA. However as we will not be having a stateful firewall, we wonder if this will leave us exposed to other forms of attacks similar to SQL injection attacks? Do we need a web application firewall (or FileMaker equivalent) in front of it? Is it only the FileMaker client (or webdirect) that can execute operations in Filemaker Server via the open port? Thanks

Hi, this may not be where this post belongs ... My issues is this, I have customers that pay monthly for a solution. Now when they finish then they are all done and they can go on their merry way. I have other customers who are in progress of paying for their solution. I had an issues with a customer who paid but move to another building. Upon changing their IP I was no longer available to them when they called me for an issue. Now this customer still has not provided me access ... which is fine, but I started thinking that if a customer stops paying and move and their IP address to their building changes is there a way to close the file until I/We we r…

Hi All, I have an employee that is stealing data when working from home from my companies database. We currently run a server in our office which our users connect directly to during the day with our local network, then they can access our database from home using our servers ip address,. Under security-users permissions, is there a way to allow the user to access the database while connected to the network directly in the office only but prevent him/her from accessing it from home?

I have no idea in which forum this post actually belongs, so I'm starting with it here. One of life's greatest mysteries to me is how exactly the FileMaker User Name gets set. I've never really delved into get a full understanding, but I have a need now. That need is an unhappy customer. I know that the user name gets set to the name you enter in the dialog box in which you enter the organization and the license key during initial installation of FileMaker. I know that it can be changed on the General Tab of the FileMaker Preferences. Sometimes, FileMaker will ask you for a User Name when you open FileMaker. I figured it would do that if you did…

I have been been trying to get this menu program to work properly for several days now. Simply put, when you click on this area of the menu it is supposed to only let people go to see it that either have "Full Access", or belong to the "cienew_subpoena_rw" group on our network server. I am confused on how to simply allow this to happen. The "Full Access" area was already on here and we are just trying to add a new group, to a new part of the program, called the Subpoena area. On our network server there is a group called "cienew_subpoena_rw". we want them to be able to continue on into the database area. What am I/we doing wrong??? And I just edited th…

I no longer want a password on this file. I have removed the password, but the dialog box continues coming up when I open the file. How do I get rid of that Box? Thanks for your help. Max

Hi everyone, had this on the filemaker go section but moving this here, I guess that's where it rather belongs. i am building a simple time logging app for our staff using the data separation model. The interface file opens two other files, one with the time data the other one with the user information- all from our filemaker server 17. While the interface file saves the user information to filemaker go and authenticates the user with face id when the user returns to the app, the two other data files pop up with "please authenticate" with username and password. In the keychain they also dont appear. I was thinking about setting the fmauthenticate pr…

Hello, I have read through the documentation that I've been able to find and not found an answer to this question. I am running FMS9Advanced on OSX Server, publishing a database using IWP. I am authenticating users via Active Directory. All works great. I have a table containing profiles for each user, which includes a username. The profiles are then related to entries in another table via primary key. What I am trying to do is dynamically set permissions for users based on their username. So for instance, if a user logs in as Jsmith, the database would restrict access to only records related to that users login. (the logins are unique). I know th…

Greetings, There are plenty of discussions about security issues when creating a custom login screen. Can't I just remove the admin? Is that secure enough? or have two fmp files; login.fmp and main.fmp and using the re-login script.

I'm slowly converting my databases from FMP11 to FM 15 and I've discovered an oddity. I've converted the original FMP6 files into FMP 11. After some pointed questions on forums about why using legacy versions of FM at all I restarted with FMP 15. After converting the FM 11 files into FM 15 the new files will not allow me to access and make changes to the security settings to add user accounts and new passwords. The files opened normally with their original passwords and with an empty user account ( a hold over from the original FMP 6 format which I didn't need to change initially for this conversion process ). They allow me full access for changing fields and layout…

I work at a school and they access the school information system throughout the campus using WiFi. Ever since starting there a few months ago the fact that the data in transit is not secure has been erking (if such a word exists) at me. They are using fms 14. I finally got the IT guys on board to install an SSL certificate on the server. They have asked who we should buy the cert from and what cert I recommend. I am no security expert and now reaching out to those who are for advice. Thank you

I'm baffled by this one. I have a few logins set up with different privilege sets attached. I have a button on my main layout with the one-step "Re-Login [with dialogue:On]" script step attached. Next to the button I have a little merge field displaying the name of the current Log-in account. Logging in either way at the beginning is working fine, as expected. When I try the Re-Login button and enter a different account, the merge field displays the change appropriately . . . but the privileges aren't changing over accordingly!? This happens in either direction -- whichever account I start with, those privileges remain in force. (One of the accounts is all-acce…

Hi -- I'm beginning a project revamping a client's database. My liaison doesn't have direct access to the database file, or a means of creating her own clone of the file, so she got her IT guy to get on the server and make me a copy, which he delivered to me via DropBox. So far so good. I opened up the file with the login/password they provided and found I was able to view the data, go into Layout mode, get into the field definitions and relationship graph, fine! BUT . . . I am not able to access the "Manage > Security" panel -- and when I save a Clone or a Copy of the database, I get a file that does not allow me to open it with the login/password of the origi…

I have a user, that has all record editing options checked (create, modify and delete). My user is somehow locked out of all of the Records Menu items except Go To Records and Saved Finds commands (all the rest are grayed out). Using the Manage Security option have (I think) given him every option, except access to layouts and scripts. I am attaching the file (user name is John, password is 16163...my limited access user name is Kmendez, with a password of adminn) Can someone suggest what I am doing wrong here, please? HoYCURRENT FILE.fmp12.zip

Hi - I'm developing a business solution to be hosted on FM Server. It will be hosted on Soliant Cloud. This is my first time developing for Server. I read Steven and Wim's whitepaper on FM 16 security, which was very helpful. In the past, when I've created upgrades to my solution, I've imported data from the previous version into the new one. Each update is a modified version of the previous file. I read about the benefits of using File Access Protection. My solution is a single file solution so I can basically exclude any other file having access - except I'm not sure what impact that will have on import from previous versions. I assume both files will hav…

We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method. For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport. Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows : The problems which concern me here: 1. The password is "traveling" into Terminal in plaintext. Is there a way this can be viewed during the process (a 'ps' or some other method)?? 2. Is there a better method to accomplish this without r…

I use a local solution database with layouts and scripts only and data files are hosted in FMS16 under OSX. I've created a container field on one of the hosted database tables, the storage settings are set to "Store container data externally" and "Open storage". From the solution file, with my full privileged admin account, I can right-click on the container field, select "Import file" and select the file to be imported. Everything works as expected, when I'm done I can see on the server folder that the file I've uploaded is there. However under a user privilege set, it is not possible to "Import file", when right clicking I just get Cut, Copy and Paste. …

Our institution is now requiring PHI-containing databases to log not just modifications to records, but to log every access/viewing of any record. They want to be able to respond to the question "Who has looked at my medical record, even with no change to the record?". I am not aware how to achieve this with FM, do any of the add-on programs have such features? I am facing the forced elimination of a critical database, built over 15 yrs, if this cannot be achieved. Thanks for any suggestions.

I've been searching for some clear answers on db vulnerability, specifically related to scripting. We have a particular solution running in FMP13, with EAR. This is a peer-shared file design, which has hundreds of installations in peer-shared environments. User access accounts have been severely limited in released versions (no admin, no [full access]), limited menus, etc.. Users are heavily striated by account privilege set. I've read bits here & there mentioning that initial opening scripts (onwindowopen, etc) at startup are particularly vulnerable, but haven't found anything definitive. 1. is an opening script trigger a legitimate se…

Not sure if this is the best neighborhood for the question, but it is tied to network/db security. What method is used to best determine how a user is logged in? Is Get(MultiUserState) the best method for determination of who/how someone is accessing a locally shared (peer-shared) database? For licensing purposes, we run several authorization scripts during login, and it is helpful to know how the access is working.

Hi Guys, As I'm developing an app, making use of the fmp protocol to invoke other databases, I was left wondering. I use username/passwords to invoke scripts from another database using the fmp protocol, and if no username/password is specified it asks for one. But, if the user logging in is known and has the correct password, they could invoke any scripts they have access to in the database they're invoking. Note that I don't expect endusers to specify what script to invoke. I do this using scripts, the end user has no idea they're going from one DB to another. But it left me wondering. If someone created their own little local database, they can effectiv…

Hi, I've just upgraded to Filemaker Server 16 and installed an SSL certificate for client/server communications. However, I am confused by the documentation when it comes to communication between the Server and the Filemaker XML API. We're currently making these calls from another server over http, and would like to ensure they are secure. I've attempted changing these requests to be over https but this seems to fail - I haven't investigated where exactly (if it's a limitation of the PyFilemaker Python library we're using or the fact that the connection is not actually secure). Would enabling it for clients also provide security on the API side? Could anyone pro…

Hi. I just tried implementing OAuth using Google for FM16. When I set up my OAuth client ID on Google I stupidly put HTTPS instead of HTTP in the URL of our Filemaker server. So when I clicked on sign in with Google from FM I get an error 400 from Google. So I went back to my Google Console and fixed the URL. Everything saved fine. But still when I click on sign in with Google from FM it tries to use the incorrect address with HTTPS. It's like it is cached in a preference somewhere and I don't know how to get rid of it. So far I have: Restarted FMS Restarted the server Turned off Google under client authentication, restarted the server and started …

Hi I want to prevent some of my staff from exporting customer records as a CSV or XLS file. I've set them up as mid-level users and in the access privileges for that level, I have unticked 'Allow exports'. This works in so far as the 'File > Export' option is greyed out and unusable. My problem is that I have a script which includes the script step 'Copy all records'. Filemaker seems to regard this as an attempted export so that when staff run that script, they get a message saying that it is not allowed by their access prvileges. Since they need to be able to run this script, I have had to change their access privileges to 'Allow export', thus udoing the se…

Hi all Users are more frequently than ever requesting that custom reports be made. Up till now this has involved me creating layouts and scripts that can produce the data/reports in the form they want. I'm wondering if now it might be possible to let them take control of reporting in a way that is separate from the current database (which is heavy on GUI and disabling of features for ordinary users). I'm thinking of creating a totally new database which users would be able to completely edit from a design perspective, which would point to the main database as an external data source. However I would like it so that they would NOT be able to edit/create/dele…

hello, we have filemaker server and one client in our network running filemaker 16 on windows 10... we need that filemaker 16 opens the database and automatically and insert the password ... is that possible ? I don't see the option "remember password" that option is available in all of our Macs but not windows. please let me know thank you

Hi To All, I wants to know possible ways/methods so that multi-user environment and simultaneous transactions can update the same data/record to produce consistent results. Currently there is either zero or less control of data concurrency and data consistency in my FileMaker App. Like as in Oracle , there is Transaction Isolation level setup with help of Serializability concept. What possible ways we can do to make Data Concurrency and consistency in FileMaker Apps? Need suggestion and all of you expert comments. Thanks in advance,

A little background I have a DB which keeps users logins/passwords for a business so they have all their login information for everything at work. My Issue I need the user to be able to click a button that creates a random password and places it into the password field when the button is clicked. I am making a button like this for each sections password field. I know I need to make a calculation, I have made these types of scripts before. However, how do I get to a calculation to perform this action with a button in filemaker? I am sure this is so obvious I will slap myself but right now I am at a loss. Maybe I have been working on these 5 solutions too lon…

Situation: I Have a string that I can CryptEncryptBase64 with FMP16. If I export this string the receiving party needs to be able to decrypt this. They are informed of the key used. Their procedure is not in FileMaker. What (online) tool could they use to decrypt? I checked dozens and no one seems to be able to decrypt the FileMaker encrypted string.

When I try to open a file I am developing, I get the following error. I have no idea what's causing this, but is there a way I can get around this and open the file so I can see what's going on? The problem may be in the Startup script.

years ago i started filemaker learning , finally i made solution due to file indexing the size of the solution has been increasing day by day , so decided to make internal required databases as extra solutions now i connected the databases to my base solution without any problem i am using flawlessly , now with 16 advanced version i removed base encryption of external databases with open storage password on , now is it possible to open that exteranl database files through my base solution hope u got my point can someone guide me how to connect those encrypted to my solution

difference between 2 can someone explain me clearly set1 enable data encryption ( re encyrpt files) clear error log for proceesing any errors set2 remove database encyprtion i tried both in fm 16 advanced and saw how the file behaved when opened and tried in passwarekit for behavior and really wanna know whats the difference when both are blocked by passwarekit why there are 2 options and there uses please

Hi, does anyone know how to perfectly insert the command for Autohotkeys? i have problem with it, can someone help me out throught whatsapp or any others social media? Please!!!

In a text field I created I use to contain the Title of the songs in my music library. What I want to do is to make the field a non modifiable one. However when I do in field options, I can't add any new items. When I try, I get the message that the field cannot be modified. Is there a way I can accomplish this.

I've done a search in this forum for "SSL" and it returns no result. So I'll start this thread: Has anyone posted a step by step guideline on how to implement SSL for FileMaker Server? If not, it would be very helpful, at least for me. I am familiar with generating the request from the FileMaker Server Admin Console. I am familiar with submitting the generated pem key to the GoDaddy service, who then generates a certificate for a price. I am familiar with placing said certificate in the correct folder on the server. However, that's where I leave off. There's some final steps missing, I don't know what they are. But we need to somehow "connect" the domain name we…

I don't want certain layouts to be seen by certain users. However, some of the fields needs to be modified in those layouts by certain scripts. I tried but those users who don't have access to certain layouts (restricted from manage > security) can't trigger the scripts which access the fields from those layouts. Hence, I have given access to those layouts but have hidden them from layout menu. This still don't solve my problem since I am always worried that due to some mistake the user will have access to those layouts which they shouldn't see. Isn't there anyway to run the scripts and access the fields from those restricted layout while at the same tim…

About 3 months ago I tried to open an app and was greeted with a message stating: "Do you want the application “FileMaker Pro Advanced.app” to accept incoming network connections?" There were Accept and Deny buttons at the bottom, and there was a warning about what would happen if I denied the question, like this: "Clicking Deny may limit the application’s behavior. This setting can be changed in the Firewall pane of Security & Privacy preferences." I can't seem to find the referenced Firewall pane. I find that if I click on Accept or Deny the app opens OK, but every sign (of this app or any other) on has this same thing happen. How do I get r…

I have a solution that is hosted by FMS14 and remotely accessed by my client. My development files have file access protection enabled, and I have authorized the opener file to open the UI file, but they do not have encryption-at-rest (EAR) enabled. Prior to uploading the files to server, I add EAR protection. I am confused because after the encrypted files are uploaded and I go to open them with the opener file (that I thought was authorized), I get the error message that the opener file is not authorized and I am required to input my full access credentials. I am willing to do this, but it means that every time I update the files, I have to re-send my client the ope…

Ever since we updated to filemaker 15 the current user name, which always grabbed the username of the person logged into the computer, now just grabs the company name that the filemaker installed with. SO if I got to edit preferences the name Company (which is the organization name from the install ) Is in there. We are using active directory for security so the users do not put a password into filemaker. This is only happening on FM 15 computers and we are using the latest patches. Any help would be appreciated as this is obviously causing major issues in our system right now. thanks

I have a Film program database set up where a STUDENT table (name, address, ID #, personal info) is connected to a child table of FILMS. The Film layout has many fields describing the film, and includes various sub-tables of its own for things like actors, thematic keywords, etc. I'm trying to create privilege sets that allow a Student to View and Edit only his own Student record, and to View *all* Film records but edit only his or her own films. I've got this mostly working okay. I have a hidden Field in the Student Table that holds the Student's 'AccountName', so that I can use that to restrict access where 'Accountname' = Get(AccountName). This is working wel…

I'm struggling a bit trying to nail down all the details in a solution that has multiple levels of access. I think I've got the Privilege Sets in place okay, as well as the custom menu sets. What I'm trying to do now is manage Layout navigation so that people with limited access don't get taken to a lot of 'empty screens' etc. So, I've got a Button set on a FILMS layout with two buttons Students/Films where most users can go back & forth at will. But 'Guests' don't get access to any Student records. So, how do I best prevent these people from clicking that button? My first thought was just to edit the Script attached to the 'Student' button to Exit the scrip…

Hey folks, Is there a way to change the Re-login[] dialog box that pops up so that instead of "Account Name:", it says "Account Email"? I've tried using 'show custom dialog' script steps for already added account logins, and that works with one exception. When they client forgets their password, and we go into security and change the password, and then "require new password" is checked. When the client logs in to change their password, it isn't requiring it and the clients new password is stuck at whatever we changed it to. So from that experience, I went back to the default "Re-login[]" script step. So, really, what I'm trying to do is figure o…

Hello - I opened a very simple file I have been using for years (originated as v12 now 15) and it presented me with a password window. It is a simple index card file containing study material and it has never ever been password protected. I tried with my computer account info and it did not work. Admin-admin or blank-blank ditto. Again, it has never been password protected as it had no reason to be. Fortunately I could restore it from a backup drive, of course it was not password protected and it opened without a hitch. How could this have happened? Has anyone ever heard about such thing?

I am working with a (legacy) Personnel file that contains both general (addresses, etc.) and confidential (SSN, pay rate, etc.) information. The desire is to permit managers to access information about employees, but NOT other managers. Currently, security settings prevent all but a very select few users from accessing any records that are marked as "management." However, this means that most managers cannot access information that is NOT confidential. Hence, there is no way, for example, for lower-level managers to pull an address list. What I really want is to set security so that individual fields are visible or not based on the Management field. I've considered s…

Looking for a way to make it so that each of my users sees only their own records when logging in. As it is now, when users add a record, all other users can see it. Is there a way to do that?

Our university hospital IT is mandating that all Mac servers that contain PHI be encrypted using FileVault. There is a longstanding and strong recommendation by FMI and posts on this board advising against this for FM server, although there are also some dissenting voices. The relevant passage on the FM Knowledge base pages (http://help.filemaker.com/app/answers/detail/a_id/9650) reads: "FileVault: FileVault is a feature that performs on the fly encryption and decryption of data on your hard drive.. However, this added level of security requires additional processing power. Because of this, it is recommended that FileVault not be used in conjunction with File…

So this may be an interesting topic... If you have a FM program that is controlled by a single admin, but the admin no longer exists, how do you grant admin rights to yourself after that?

I would strongly recommend that all FileMaker Platform developers and FileMaker Server Admins audit all their servers for any hosted files with any of the following credentials: Guest Account enabled and attached to the [Full Access] Privilege Set A [Full Access] Account with no password A [Full Access] Account with the password stored and using the File Options “Log In Using” feature. Files with these credentials options are very vulnerable to attack and compromise. They can be used as attack vectors to mount exploits against the server that hosts them as well as against other servers and those servers’ files. Steven …

One table ANSWERS, 2 fields EVALUATOR and MANAGER (and a lot of others with more data), 2 layouts Evaluator and Manager, based on the same table. I want to hide records based on the layout AND the current logged in user's appearance in either of the 2 fields. (Managers should only see records when they are in the Manager field, and Evaluators when in the Evaluator field). The Manager layout is not accessible by Evaluators. The Evaluators layout is accessible by both roles (as some Managers are also Evaluators). Now I have a "Limited..." View restriction for Privilege set "Evaluators" that is this: not IsEmpty ( FilterValues ( Evaluators_Names ; Z_Global…

To all interest in creating a virtually bullet proof Unique ID sequence and reverse checker. I designed this concept for use on rfid cards for an entry system. But it can be implemented with barcodes, as well as reverse checked with PHP in case of a web-based solution. This concept grown from a need to verify the ID on cards. If you have a unique ID of 12345, a person can create a badge with any numeric sequence. But what if you can, as an added security, verify if the sequence is valid? Came up with the following: 1 Global field with something like this "QYUMGZRIHGHMIQSCEBYCWYWLNIPBCEZZCYBZIKJTGLKWGECGJBBQHXVCJQUHAMGWCOCGIAZNYNNOIJLBOSRVDMRFAVNPCOWFGGXNATEUKNPW" (Ne…

I have been using FM 11 for Mac for the last couple of years. I have a couple of databases. Today, for the first time ever, my master database, which has always opened automatically when double clicked, is asking me for an Account and password. It is suggesting my home account, however the password for my home account is not working. I have tried all the possible passwords I can think of, but I cannot get into my file except as a guest and then I cant make any changes. I have no idea why this has suddenly happened. I never asked to password protect that file, I always just double clicked it and it opened right up. I have a second database and that one opens…

Is there a way to lock a field after its initial entry? I just don't want people "accidentally" changing information after its already in the database.

Hello all! I've been trying to implement a limit on how a user can access my solution but I believe I can't figure out on my own how to avoid somebody to override the password as it is been happening in my experience. When you open a file that contains accounts, a dialog box usually prompts you to enter account information. If you open the file with a correct account name and password, the privilege set assigned to that account determines what you can do in that file. Entering invalid credentials will result in the error, "The account and password you entered cannot be used to access this file. Please Try again". Now this is my dilemma: When the file is…

I am sure this is one of those simple ones… that has me bamboozled for nearly 2 days now. I need to limit access of my users viewing only a limited set of "Company" records after they log in. The companies that they are allowed to see are listed in each respective user's profile. My opening script goes to the user's profile and creates a global variable for each company that they are allowed to view. When I go to the "Manage Security > Edit Privilege Sets > Records > Custom Privileges > Limited > Script", and use any of those variables (e.g. $$Company01"), the records table returns no records at all (i.e. as if there were no matches). When I …

I must be doing something wrong here - I can't get record access privileges working right. I am trying to limit viewing of the Teachers table to the currently logged in teacher. I have a Teacher Privilege Set and all teachers are assigned this set. I have Custom Privileges set for Records. On the Teachers table I have Limited set on the View privilege. My calculation is 'Login = Get(AccountName)' where Login in a field that holds the login name. No records are accessible, all fields just say <No Access>. Using Data Viewer I have double checked to make sure that the Get(AccountName) value is the same as the value in the Login field.…

I was using FMP 13 and FMS 13 for most of our work and testing. However, once we upgraded to FMP 14, our SSO or saving passwords to keychain/other password managers, are no longer show or work. We are using FMS on a local domain and FMP to access it too.

Our primary system is currently in FM 12, and I also have FM 14 (Advanced) installed on my laptop. I had thought that I read or heard that it was now possible for an administrator to test a different privilege set without logging out and back in under a different account, but I'm not finding that option anywhere. I've tried Googling and perusing the index of the "missing manual" series, but I must not even be hitting the right terminology - or I've completely misunderstood this and it's not actually a feature. Can anyone offer any insight?

Greetings, I was actually reminded of these forums by a current thread on the regular FM forums. When I logged in I saw Josh's blog post: I couldn't leave a comment on it, but I really appreciate that he posted this. The only way I can see how to do a successful 2 factor authentication for FileMaker would be to require it as part of VPN authentication. After that one really long thread on the FM Forums that it felt like I was arguing with WIM, I know that ersatz security really isn't all its cracked up to be. I also figured out a way to use external authentication and multiple files to accomplish some of the broad security settings that I wante…

Just a really quick question, is there any way to use some level of encryption for username/password contained in an FMP URL? I suspect not but it could present a security risk sending the the data unencrypted.

I have a client who has been using PuTTY to create an SSH tunnel to their database for remote access. I think they were doing this for historical reasons. Their database was originally FM6. They migrated to FM 11 successfully a couple of years ago. Recently, they moved to FM14 and have been experiencing problems. Although largely consolidated, the solution still has a couple of files. Since migrating to FM14, remote users have been experiencing numerous dropouts and other issues. During testing, we haven't seen any of these problems. Our test server uses SSL to encrypt the data in transit. Has anyone ever used PuTTY while connecting to a FM server? …

I am planning a Web Direct application hosted on a dedicated server and I find difficult to set up the Admin privileges to change passwords only. I don't want to grant full access to the db. Is it possible to do that? The guy who will be in charge of the password issue is not familiar with FileMaker Pro and I want to make sure he will not mess up with the programming. Thanks for your tips

Hi please can someone tell me if this is possible and if not how i can achieve this. my solution has for each group of users different securities set up as for how much data they can edit and see. i work on the admin where i have 100% access to all layouts and script being able to enter , delete and change etc. whenever i setup for a new set of users i want to check how it would work as that user , however i need to log out of my user and sign in as that user and if an edit (which usually happens many times each time again)need doing i would have to log out again sign in as admin do the change and sign out sign in again to check if the change was suff…

Hi everyone, I'm working on some security enhancements to our FileMaker 12 Server Advanced server with our network administrator. We're planning to move to Server 14 this summer, but we'd like to tighten up security as much possible in the meantime. Wondering if anyone here has any experience with .Net Framework 4.0 and FMS 12 Adv. Thank you for any info you can provide. Our network admin is asking: I’d like to disable some insecure IIS Cryptographic protocols on my Filemaker Server (on Server 2008r2). I’d like to use the IIS Crypto tool, but IISCrypto requires .Net Framework 4.0. Does anyone know if installing .Net Framework 4 will cause any problems …

Hi, My FM database is using AD to determine whether a user has access to the db or not. Once logged in, I've used a set of tables & relationships to identify whether the user sees particular layouts, records within tables etc. This has been fine for the small number of teaching staff that have been accessing it to date. However, I'm now looking at expanding the db so that students are able to access it too. However, I really don't want to maintain a table with student accountnames (1500 students) in order to identify them as a student instead of a member of staff (default home page is different) Is there a simple way of doing this once they've logged in…

Is there an easy way to stop users from being able to execute scripts from outside of FM, by using applescript. I have the script menu disabled/not present via a custom menu, but the scripts and other menu commands can be activated via applescript. Is the only solution is to give each script a custom privilege?

I'm trying to take a different approach to Roles and Script Access in a solution that a bit more flexible to change and create roles via the UI, not FMs native security. While "Hide Object When" is very useful, it's not always practical especially when there are multiple roles and it's not easily maintained across a system. Conceptually what I'm thinking is: Every button is attached to a script the script attached to the button is used for navigation, to perform a task, or combination of both these script are ONLY attached to a button and never called from within another script. They can simply be wrappers if needed the current …

I have a layout based on a particular table with fields from a table in another file through a relationship - I have full access and hence can access and edit fields, other user with custom privileges are unable to access or edit this fields, but can create records, i have tried editing the privileges on this tables for this users but still no change - what could i be missing? The table name is Rental_Calc, i have attached screenshot for the set privilege. Thanks for your help! Miss A!

Have a hosted solution where all users are able to modify their own passwords, and FM is handling all the user authentication. Am upgrading that solution, but just realized that when I push the new solution live, I do not have access to the user passwords, so they will have to be reset (or will be equal to whatever they were when the base copy for the upgrade process was taken). Anyway around this (I assume not, as it would compromise security if admin was given access to view passwords)?

Presently I use filemaker 14 and it makes me put my log in credentials in 3 times...how can i eliminate this to where I can log in only 1 time...I am using FM -

Hi I have become interested in a two step verification for my hosted FM database. One option is to SMS a code and wait for the user to enter the correct code before allowing full access. A better option is to use TOTP - google verification. I have done lots of reading but I don't think I am clever enough to workout how to make the scripts / custom formula to turn the preshared sectret and the UTC into the 6 digits that Google authenticator generates. Has anyone got this to work and would you be willing to share the math? Thanks John

Hi Folks, Non full access users can not cut and paste into fields. This happens on my machine or on theirs (both Macs). With a full access account it isn't a problem. I've included the priv set preferences, but I don't see anything there that looks as if it's causing the problem. However, I'm a total beginner with using accounts!! Cheers, Mike AccountPref.tiff

Hello FM community, Just what I hope is a simple question; Is it possible to hide a FileMaker Server from the available Servers list (Please see attached image.) I know we have the option to "List only the database each use is authorized to access" but this does not hide the FileMaker Servers we have in our network. We would like to hide this as well. Any help would be appreciated! Thanks!

Hello FMP security experts! Is it possible to lock down records "per user" in a database that is accessed via a PHP web interface that uses a table based login (as opposed to an "Account based" login)? The database needs to allow for multiple users who can only access their own records. This is no problem with an account based solution where the concept: Get(AccountName) = RecordOwner is used within the privilege set to only allow the active user access to his/her own records. However, since this solution needs to scale to around 100 users, I considered using a table based login in order to ease account management for that many users. The problem is that since the …

There is a security oddity in FIleMaker Pro 14 on Windows OS that could result in a developers' being locked out of full access to a file. Please see http://thefmkb.com/15167 for the fix to this item. Steven

(Long story short.) I'm moving a complex solution from a local network to a hosted service. The solution uses (and needs to use) external authentication. In order to divorce the solution from the local network completely, we will no longer be using our active directory on the local network. Setting up security groups and users on the hosted server and configuring FM server to authenticate against it was very easy. Only one problem remains, How can users change their passwords? This isn't really a Filemaker question as the question becomes, how can you let a user change their password on windows servers if they do not have desktop access(on the server)? I have done…

Hello there Filemaker experts, just wanna need your help guys. I'm newbie to filemaker so please have patience on me. I have a program here that the user needs to log-in first before he/she can access the main layout. I already created a table for Login that contains Username and Password fields. I know this is just a piece of cake for you guys but I really need your help. Can someone help me about the login script? Thanks guys.

Is this a bug or something is not setup right on my end? I setup a privilege set "Sales Reps", which is the set for 9 different sales reps. For the fmapp (FileMaker Go or FileMaker Pro), if I just have "Sales Reps" active, it works fine, the sales reps can log in and they only see their own deals, everything works as normal. However if I also give access to Admin (which shows up as [Full Access] privilege set), now the Sales Reps see everything, every record, every layout etc. Stranger still is that as can be seen, Admin ([Full Access]) is also setup for fmwebdirect but when Sales Reps access the database via Web Direct, it works as intended. So it's only an issue when…

Hi, We have a customer who would like to host our solution on their FM Server vs the cloud server where we host the solution now. If we allow our solution to be hosed on this other "Server", not a "Filemaker Hosting Provider" what security issues do we need to be aware of with regard to loosing control to our "Admin" log in credentials. What are the capabilities of this other server owner if they want our "Admin" log in credentials and we refused to hand them over. I see google hits on hacking filemaker log in credentials ( see link ) ... so any insight, guidance we would be grateful. http://www.lostpassword.com/filemaker.htm Thank you. Tom

Hi folks, My school database is sometimes used by pupils to register rehearsal attendance. Its use is supervised, so security isn't crucial, but I would like to tighten up things. I could put sensitive info in a tab they "can't" get to, but I might as well learn the proper way to do it! Five tables are involved in the register process Pupils - Pupil_Class_Join - Class - Class_Assessment_Join - Marks (PupilAssessmentJoin) Pupils need view access to all of these tables + create / edit access to Marks & Pupil_Class_Join tables. The issue is that there can be sensitive info in the Pupils & Marks tables. They need to be able to see names, but they don't need …

Hello FileMaker Community! I hope this is the right forum to ask this... I have an old FileMaker DB that allowed doctors to create new charges. Each charge had a unique ChargeID which was simply an auto-entered serial number. Now I need to adapt this DB so that multiple users can log in. I have set up security within the privilege set so that the charge record owner can only view their own charges, however, I'm not sure how to approach the Charge IDs. Ideally, the charge ideas would be consecutive and easily "grouped" for summary purposes. For example: Dr. A might have Charge ID numbers DrA1, DrA2..., DrA100, etc. Dr. B might have charges with IDs: DrB1, DrB2..., …

Perhaps this post is more relevant in the 'calculation engine' sub-form, so please forgive me if I'm in the wrong place. I have implemented layout based account management via this site: http://www.modularfilemaker.org/module/accounts-modular-user-account-management/ I am very pleased with how it all came together, but I want to take it a step further. By using the "Hide Object" feature I want to implement some security at the account name level, rather than creating extensive privilege sets. I am looking to create some additional fields within the "Accounts" table that the above example features that contains boolean results that will be controlled by checkboxes. Thi…

Hello , i want to know how to restrict specific users to access databases from outside the company network? all our databases are hosted on fmserver . we need only the admin can access outside network , please let me know thank you