Jump to content


Popular Content

Showing content with the highest reputation since 12/04/2010 in all areas

  1. 3 points
    Stacey Chamblee has a modified FMEASY Signature that is moddified to work on windows. Here is the link if that helps. https://www.dropbox.com/s/p79mjv6g1rnypwn/FMEasySignature-Mac%26Windows.fmp12?dl=0
  2. 3 points
    I use 'Hide Object When'. Make two instances of the same field, One is editable, the other not. Give them complementary conditions for hiding and place them on top of each other. The non-enterable field is hidden when the value not = "No". The enterable field is hidden when the value = "No". Easy in FM 13...
  3. 3 points
    Note also that this is not really a calculation as such; it's just a lookup of a pre-calculated result from a 7x7 matrix. In order to actually calculate the result, try = Let ( [ n = EndDate - StartDate + 1 ; w = Div ( n ; 7 ) ; r = Mod ( n ; 7 ) ; d = Mod ( StartDate + 1 ; 7 ) ] ; 6 * w + r - ( d + r > 6 ) )
  4. 2 points
    I doubt very much you need or want to do that. What would be the purpose of this? You will end up with several numbered Category fields. Numbered fields are a prime example of poor database structure. You won't be able to find a record by its category, unless you search all the fields. You won't be able to define a relationship matching on category. You won't be able to produce a report of records grouped by category. I suggest you either split the field into individual records in a related table or just substitute the > character with a carriage return, so that your field contains a list of the relevant categories (same as a checkbox field would).
  5. 2 points
    Not sure I follow entirely, but in your script, just before the "Show Custom Dialog" just do a Set Field [Examples::MASTER CODE ; "" ]
  6. 2 points
    Okay, then. The first thing that needs to be clear here is this: if you want your report to show every day of the selected month, even if you have no records for that day, you will need a reporting table with 31 permanent records numbered serially and global fields for the month and year to report on. The relationship between this table (Days) and your existing table (Records) will be: Days:cDate ≥ Records::DateAdmitted AND Days::cDate ≤ RecordsDateDismissed where cDate is of course a calculation field = Date ( gMonth ; SerialNumber ; gYear ) Then you can count the related checkbox field in order to get the number of events that should be shown in each day's record. Your reporting script needs to look at gMonth and gYear and omit the appropriate number of records from the report (e.g. the last 3 records if it's February in a non-leap year).
  7. 2 points
    I would start by defining the Recruiting Event field to validate as Unique. Then make your script: Freeze Window Set Variable [$Source; Value: Person::Source] Go to Layout ["RecruitingList" (Recruiting)] Set Error Capture [ On ] New Record/Request Set Field [Recruiting::Recruiting Event; $Source] Commit Records/Requests If [ Get ( LastError ) = 504 ] Revert Record/Request [ No dialog ] End If Go to Layout [original layout]
  8. 2 points
    Hi Kathryn, welcome to FMForums! None of this should be necessary if you are properly structured. Can you attach your file or provide us a copy of your relational graph? It seems you have questions as FIELDS when questions should be records. If questions were records then one field in the Questions table could handle this translation for you. So until we know what we are working with, we can't really assist you. In general, your calculation should be using Case() instead of If() so it can handle multiple tests. However, that truly is not the best direction ... the best direction is restructuring. We can help you with it. :-)
  9. 2 points
    In my view, in the world of FileMaker Server the concerns of owners and admin with FMS11 and earlier are little different to those of FMS14 admins today. Yes, the product has developed and we now have the new appearance layer from 12 onwards, and WebDirect from 13 on. But, the underlying issue remains, how do you get to understand FileMaker Server and get the best out of it, when it is trivial to build a very "bad" FM solution that is slow and unscaleable and when FMI provides no comprehensive and clear advice? FM software does little to prevent folk using the freedom of FM in that manner, because as an "enabling" and "accessible" type of software it lacks the controls, the digital police, that a more prescriptive system may include. It also works very hard to keep users of legacy systems on-board and supported and their solutions inevitably include much that would regarded as poor design today and hence cannot easily deprecate old techniques, so FMI's options are limited. Hence my having been developing a "mobile first" design framework since April 2012, and having eventually worked out what does work, I was encouraged by various folk to develop my report on "Understanding and Tuning FileMaker Server Performance" and publish. I have also published an early version of part of the report here on FMHacks and done two videos for Richard Carlton Consulting here and here which cover some of the report material. My work has been validated by folk at FMI (who wish to remain anonymous), Wim Decorte, Richard Carlton and Alan Stirling. This is the first detailed and comprehensive report on this subject for many years, you can read it here and download a pdf here. Many of the techniques I have developed, and to which the report alludes, are included in the free and open source Deskspace dsBenchmark tool, which can be downloaded from here. I would encourage your responses, and disagreement, if you feel so moved. We all move forward by rigorously testing both the old and the new and no doubt you can offer improvements and additions to what I have constructed. Where I am persuaded, your input will be included in the ongoing Report and duly credited. The current version of my Report is of course the html pages on deskspace.com, not a dead paper document. In fact wasn't that what Sir Tim Berners-Lee had in mind when he invented and donated http, html and the World Wide Web? This ease of editing is facilitated by our new Deskspace rwApp creating the responsive web pages that comprise www.deskspace.com - but that is perhaps another story. Cheers, Nick
  10. 2 points
    [ Edit: 3/16/2016 - With the help of some other people, we have been able to recover, or recreate some of the original images from original thread. ] Security is always a big topic when it involves data, or people, or possessions. Recently, over on the FileMaker Community, there was a very beneficial discussion regarding security. Unfortunately, that discussion was the victim of a necessary action...and was deleted. It was deleted, because the discussion was tied to a video that, as was determined throughout the thread, was not beneficial to the overall community of FileMaker users and developers. When that video was removed, the discussion vanished with it. This post is specifically targeted at recompiling that discussion, because at it's core represents an important message that is necessary to convey and support. That is, creating ersatz security systems can introduce security vulnerabilities. In my experience, I have only seen 1 (one) approach that increased security while adding a 2nd factor of authentication. And it was complicated and not easily set up...and in the end, comes with it's own set of drawbacks. One of the main things I took from the below discussion ( and it's a long discussion!! ), is this: What is the point of attempting to add a layer of security that does NOT increase security?! If the approach does not INCREASE security, why would you market the approach as a security technique?! The answer to that is the reason why the video that launched the discussion was deleted. While I had much internal debate about the best way to republish the info from this discussion, in the end I decided ( with much input from others ), that just posting the discussion in it's entirety was the best thing. And in doing so, know I have, as do those that gave their input, nothing but respect for all those involved in the discussion. So that is what follows. One very important note: the discussion is one of learning. And I truly believe that no one involved in the discussion came out looking 'bad'. One could say, 'well yeah Josh, you didn't end up being wrong in the thread, so you don't care'. I assure you, I have been wrong in MANY discussions. In fact, I had a similar discussion with Wim Decorte in another thread several months before this one. As I researched, and tested...I learned not only was I wrong, I learned I NEEDED to change something in my development. Without any further introduction, here is the thread: Original Discussion Thread from Community.FileMaker.com, a Video with an interview with well-respected developer Taylor Sharpe: ================================================================= Date: August 12, 2015 at 5:42 PM ( Date of Original Video Post ) Title: Free Video>>> Two-Factor Authentication w/ Taylor Sharp ================================================================= November 27, 2015 at 8:20 PM by Taylor Sharpe Thank you for your interest in this video. It is an additional tool to the suite of FileMaker Security tools to help improve security. This video shows you how to enhance an already implemented security plan to make it even better by adding hardware verification. This tool has minimal impact on staff and uses tools currently available in FileMaker 14. This video shows how to use hardware verification as the 2nd factor authentication similar to how Google and Apple currently implement it. This tool makes use of the current security standard of verifying hardware with Persistent ID as well as FileMaker tools including a start up script and email or text messaging notifications. Additional advice: In conjunction with two factor authentication, you should make sure you already are following the FileMaker security guidelines. Security is one of the cornerstones of a good solution and you should make use of least privileges necessary for users, appropriate password guidelines, consideration of external authentication services such as Active Directory and Open Directory, client-server SSL encryption with 3rd party authentication, Encryption at Rest, backups (yes, that too is a part of security), and physical security. Caution: This 2nd factor authentication is only designed to work in conjunction with the other FileMaker security tools to enhance security and you should not rely solely on this as a single factor of authentication because it is only a hardware verification. Security is a constantly changing field. If you follow FileMaker’s Security Guidelines, you will have a robust and secure server. Additional security tools like this should be considered, as well as documentation of security controls in a security plan. There are additional tools available such as token passing, plugins with higher level encryption, biometrics, etc., that go beyond what is included with FileMaker that may have merit. At a minimum, you should evaluate your server’s security with some type of review or audit on an annual basis. I wish you all the best and encourage you to make sure an appropriate amount of time is allocated to security when you are developing your solutions. DEMO FILE: Can be found at <sample file> ( link removed ). It is UU encoded, but ready to go with full access for Admin user account and no password. Feel free to make use of the sample file to copy scripts or layouts as you may need. Appropriate credit would be appreciated. Thanks. ================================================================= November 28, 2015 at 7:50 AM by Wim Decorte To be very clear: it is NOT true 2-factor authentication since it relies on the user already been authenticated and allowed into the solution before the 2nd factor comes into play... ================================================================= November 28, 2015 at 2:16 PM by Taylor Sharpe It might be a bit of splitting hairs, but not inaccurate. You are in FileMaker in-so-much as you are logged in and being processed by a start up script for further validation. But a regular user can't escape the script. The way to meet Wim's definition of Two Factor authentication is to have some other program perform that two factor authentication prior to FileMaker's credentials or FileMaker add this security feature and it reside outside of FileMaker scripting and before getting logged in (boy that would be nice, FileMaker, Inc.!). The assumption I was working with is that people are limited to FileMaker tools and you cannot avail yourself of those tools without being inside of a FileMaker solution to run the 2nd factor script. This means things like turning auto abort off. And it is a security improvement over single factor authentication, but it is not invulnerable. For example, someone with Full Access will be able to enable the script debugger and this is a reason to be very limited on who has Full Access and make sure those passwords are strong. Tim Dietrich's FM Authenticator and others have done similar Two Factor authentications with FileMaker, but they all use a startup script like this one and are therefore subject to the vulnerability Wim points out. Just keep in mind that this can be an improvement to security assuming you have fully implemented the FileMaker security guidelines already and this is an ADDITIONAL tool, not an exclusive one. For example, it would be a bad idea to use this 2nd Factor authentication and tell people that they only have to use User ID's, but no passwords. Thank you for the comment Wim. It is good that we all understand how security works and where its weak points are. ================================================================= November 28, 2015 at 6:28 PM by Wim Decorte I don't think it is splitting hairs; it's about calling things what they are. We certainly don't want people going around saying that FM does support 2FA when it does not. I'd hate to be part of a security audit where someone proclaimed that FM does 2FA based on this or a similar approach... As to the level of security: while a user can not escape out of a script by simply pressing ESC, there are ways to stop scripts so relying on a scripted security system does not usually enhance security but rather introduces potential vulnerabilities. ================================================================= November 29, 2015 at 2:47 AM by Taylor Sharpe <Post deleted by Taylor Sharpe> ================================================================= November 29, 2015 at 7:38 AM by Wim Decorte Very disappointed in this reaction. Since when is a difference in opinion "inappropriate and unprofessional"? And I do not appreciate the insinuation that I am not a professional or worthy of working for Soliant Consulting, nowhere in my replies did I ever attack your integrity or the company you work for. If 2FA is a requirement then I would suggest using technologies that do have full & native 2FA: like logging into the OS through 2FA and then use EA for access to the FM application. I do withdraw from this conversation, not because I'm being told to by you, but because once a respectful debate over differing opinions is not welcome, then I do have nothing further to contribute. ================================================================= November 29, 2015 at 7:12 PM by Josh Ormond I am very surprised at this response, having seen the response before it was deleted. The problem that Wim is pointing out is a real issue. We can call something 2FA, but if the person is IN the file after the first factor, for compliance reasons and technical reasons, it really is not 2 Factor Authentication. Because the 1st factor allowed them in, and you can't from there stop them from accessing the file. Simply put, one can easily stop the script from running and add their device as an approved device and access everything in the file. I don't see how that is increasing the security of the file. It only gives a false sense of security. Which leads to larger problems. This file, having never seen it before, took me no more than 15 secs to authorize myself to access the file from any device I want, using nothing more than the tools provided in the file. I only need one-factor to get in now...anytime I login. If one where to promote their solution as a compliant solution using 2FA, they could be opening themselves to hefty fines. As Wim said, if 2FA is required, you need something that prevents you from getting into the file with 2 factors. Though I do like Tony White's response to this discussion in another place: Maybe we should call it "1+1 Factor Authentication". ================================================================= November 29, 2015 at 7:58 PM by Tony White Thanks Joshua Ormond for the shout out. Here is the twitter perma-link to the thread. https://twitter.com/tonywhitelive/status/670721676464779264 I implement security that uses the built in tools and at the same time am open minded to creative ways of adding to security...as long as they successfully address defined use cases. Know the rules and know when you can extend them... On a separate thread I proposed the idea of a security contest with a monetary price. https://community.filemaker.com/message/517290#517290 Interesting topic. Lots of considerations to factor in when coming up with best practices. ================================================================= November 29, 2015 at 8:22 PM by Taylor Sharpe Joshua, I deleted my own response and not FileMaker because I was offended by Wim and the way I worded the response was not professional. My bad and apologies to Wim. I think there can still be a good discussion. Two Factor means that two methods are being used for authentication. Providing additional requirements on what makes another factor a real factor or not does not make it not another Factor even if it is not as robust as other possibilities. Wim does bring up a point about why it is not as robust as other 2nd factor authentication implementations because the 2nd factor is done within the solution and not before you are in the solution. The solution I provide in the video uses the tools available from FileMaker. Within the constraints that FileMaker scripting tools provide us, it is a good security control. That is not to say going outside of FileMaker's tools or asking FileMaker to build a second factor authentication into the application would not be better, but those are not tools readily available to most of the users here. The solution provided improves security and it is a second factor of authenticating even though Wim correctly points out the 2nd factor is done within the solution. The point I am making is that implementing this 2nd factor authentication, even with its limitations, is better than not implementing it. There are a lot of OS level two factor authentication solutions including not only User ID/password, but tokens, or VPNs that would be required before you would have access to the FileMaker solution. They may be worth some discussion here too. But those are beyond what is trying to be addressed in this type of solution. ================================================================= November 29, 2015 at 9:40 PM by Josh Ormond I get the attempt. The concern I have with it is, it required only 1 factor for me to be in the solution and using it. If I didn't provide an email, it let me use the file anyway. Without ever requiring factor 2. In Tim's solution for what he also called 2FA, at least the user was left in a low-level account. But even with that, I could edit and hack the file to pieces. Simply because I could get in. Authentication itself is the process of deciding if someone has authorization for access. Two factor authentication is at it's core really supposed to happen before the person gets in the file. FileMaker doesn't provide a second access control for logging in. Though I do wish they did. It should be a feature request. For reasons exactly like this, the data is at risk once the person is in the file. Even worse, for something that is script driven, I can stop the script from running and there is no trace that I even logged into the file. I'm not hear to add fuel to an argument. Simply to voice a warning that for even a fairly new user, the approach can be easily circumvented...and when it comes to compliance, users/owners/database admins, need to know that. I would hate to see someone get hit with fines because they assumed an add-on security method was "safe". For compliance, there are other ways to secure the file and the data. Security 'add-ons' typically don't add any security. Just another layer of steps to get in. I say this simply because I have see too many solutions that owners thought were 'safe'...to which I was in reading them sensitive data while they were still explaining how to login the 'right way'. And I'm glad to hear why you deleted the post. Both yourself and Wim are worthy of greater respect. ================================================================= November 29, 2015 at 11:00 PM by Taylor Sharpe Josh... I gave you a file with Admin and no password. This is a completely OPEN Admin with Full Access and no password. Of course you got in. You would not have gotten in with one where it automatically logged you in with Admin and Full Access. So you would not have gotten past the first factor, let alone the 2nd. This database was left open as a development tool. Hacking it is as simple as opening it up because it defaults to the Admin with no password. You did not hack into it and your comments to this effect are not helpful to people reading this discussion. It implies you have some ability to defeat this solution when properly implemented and you have not provided any information to show that you have those skills, making me doubt that you can. But I will be glad to provide you a hosted solution properly implemented and be glad to give you a shot at it. OK, that aside, Tim's solution did get you in with a low level User Account instead of whatever account you are in. The reason I went the way I did was because this is supposed to make things easy on staff instead of dealing with multiple logins and multiple passwords. The goal was to improve security while making it easier on the staff. This solution adds significant security with very minimal impact on staff. No it is not a perfect solution, and no control in a database ever is and you are should have many controls in a secure system. Most security plans identify hundreds of controls in every solution. You have to have multiple layers of control from least privileges to encryption. This 2nd Factor is NOT a sole security tool. It is used to enhance security with minimal impact and be easy to implement with the tools FileMaker provides. This control as a 2nd Factor authentication is not perfect and is designed to work in coordination with other security controls. If you know about security plans, you know that most controls have some weaknesses. But you do not dismiss a control that is generally effective because where one control may not stop an intruder, another one will and it is the combined effectiveness of controls that makes the security. Removal of an imperfect control can weaken a security plan and removal of controls has to evaluate whether their imperfection is beneficial compared to not being there at all. I still stand behind this being a simple solution that enhances security with minimal effort and using tools already provided by FileMaker. I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative. ================================================================= November 29, 2015 at 11:19 PM by Josh Ormond I am not dismissing it completely. If some choose to use it, that is part of their own risk assessment. I do challenge the name. Primarily because I can prevent the 2nd factor from ever firing, very very easily. I am aware of how you set up the file, and it's intent. I will assure you my test was thorough. I have tested several of these types of security measure. In some cases businesses decided to continue to use it. It was simply a user "trust" mechanism. In the meantime, we secured the file by other means. Some left it as is. Some abandoned it completely. That would be the owner's decision to make. I will also step of of the conversation. I think there is just a core difference in the thought about what increasing security means. Which is at the heart of the matter. I hope for the best for you. ================================================================= November 30, 2015 at 8:50 AM by Wim Decorte Taylor Sharpe wrote: “I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative.” An improved alternative was already mentioned earlier: do the multi-factor authentication upstream from FileMaker. These security implementations are never done in a vacuum and all angles should be considered, not just how the behaviour can be mimicked in FM. The first thing to be open about with the customer is that FM does not do native multi-form authentication. So the alternatives are: - discuss with the client how 2FA can be done before the solution gets launched and how it can be combined with things like External Authentication for the FM solution. This keeps all authentication strictly at the FM security level and does not add any vulnerabilities. - discuss the security risks of the FM scripted approaches to mimic 2FA and if those are acceptable given the risk appetite of the client and the compliance requirements. If neither are acceptable to the client then FM is probably not the right platform for the solution. ================================================================= November 30, 2015 at 9:38 AM by Taylor Sharpe Josh, I don't think really do understand. But I am more than willing to eat crow if I have misspoken and certainly willing to learn. So I have hosted the file on my development server at <link removed>. Please let me know when you are able to get in and how you did it. Thank you, Wim. I concur with you that an "upstream" approach can be a good one to implement two factor authentication. And most everyone has some type of upstream security even if it is as basic as a User ID and password to get into a computer, but many companies do a lot more such as some form of 2 factor authentication, VPN connection, tokens, etc. I also agree with you Wim, that FM does not have native multi-form authentication at the application level. But that is something us developers can't control, and something I would encourage FileMaker Inc. to consider in future versions. It would be a nice security improvement tool. However, within the tool set available to FM development, the 2 Factor authentication described above works and improves security, and will have a smaller hurdle to implement than most of the suggestions you have made. My goal was to keep things simple with the tools available inside of FM to improve security, and I have met that challenge within those criteria. ================================================================= November 30, 2015 at 9:41 AM by David Zachary I’ve been watching this thread with interest and a degree of amusement. My post may not have any substantive benefit to the thread, but it makes me feel good. It reminds me of when Bill Clinton was going through his impeachment hearings. During an interview he was asked "was it sex?" and straight faced he replied "it all depends on what your definition of 'is' is". This thread has gotten to that point - what is the definition of 2FA? Clearly there are different opinions. Having both parts of a 2FA system inside of a FileMaker solution, while technically 2 factors, is like having an alarm system on your house to compliment the door lock. You feel secure but somebody fast enough with enough skill can still break in and grab something valuable quickly. You've got 2 security measures but still got robbed. The better solution is to have an electrified fence and a moat around your house - everything of value is protected by measures not directly connected to the house. FileMaker security should be the final line of defense, not the first and not the only. Calling a system that has both factors inside of the target database as supporting 2FA is dodgy unless all parties are using the same definition of what 2FA is - while you say its 2FA, any client that has to follow government or corporate-defined 2FA specifications will likely disagree. I'm not going to repeat what others have said (too much), but FileMaker does not natively support a 2FA system. You have to do it elsewhere. If your data requires that level of security, you need to look at supplementing the security infrastructure outside of FileMaker, long before an intruder gets to the FileMaker-level. Thankfully Stephen Blackwell isn't on here much anymore. He would have probably had a stroke by now. His views on custom-developed security methods are well documented. Back to watching from the sidelines. ================================================================= November 30, 2015 at 10:09 AM by Josh Ormond I understand both the intent of what you are arguing for, and have in the past felt the same way. However, I think you misunderstand me. FileMaker's own built-in security is in itself the strongest security you can get with FileMaker. By turning on EAR, securing the physical server, setting up proper privilege sets and users, and limiting the ability to edit/create/delete privilege sets, and by using Extended Privileges, and in many cases using EA...you are secure and safe with your data. With that, without the user name and password, one can NOT get into a hosted file remotely. That is one of the great parts of FM security. And you know that part as well. What I am saying...the average user can stop your second factor, very easily...so it does not enhance the security. I have seen so many poorly implemented security add-ons in FM. Because the developer or user was trying to imitate another security functionality. It looked like they were enforcing 2FA...but in reality not even one of the users actually ever completed the 2nd factor. In essence, it feels like putting a second deadbolt on your door, but putting the lock handle ( normally inside ) on the OUTSIDE. It doesn't do anything, other than give some more strength to the door...so someone would have a more difficult time kicking in the door. But if someone already has the key for the other deadbolt...they simply spin the lock handle and walk in. Zero added security. In this case I need to nothing other than stop the script from running. So with a log in, I can log in from ANY device. Not to mention there are serious problems with Get ( PersistentID ) on Windows, so it's simply not reliable. ================================================================= November 30, 2015 at 10:19 AM by Taylor Sharpe OK, Josh, this moves us forward some and thanks for the comments. How about this, what if I put a non-Full Access User account in that File. Are you able to defeat the 2nd factor? For example, I just added a "Josh" account with no password and it is set for the privilege set "Data Entry Only", but has no authorized devices. Also, I'm interested in learning more about the problems with Get ( PersistentID ) on Windows. ================================================================= November 30, 2015 at 10:32 AM by David Jondreau “without the user name and password, one can NOT get into a hosted file remotely." That is the whole point of 2FA. You can put all the locks on the doors you want, but if your user leaves the key under the mat, your file is compromised. 2FA is not some miracle security feature. It simply is a philosophy that to improve security, users should have 2 of 3 different things: something they know (username/pass); something they have (a specific cell phone); and/or something they are (a fingerprint). Yes, the line between some of these categories is blurry, but the point isn't to get involved in a semantic debate of whether a fingerprint is something you are or something you have. The point is to improve security. I have not watched Taylor's video (I hate watching videos). But I have looked at the sample file, which in my opinion, doesn't do a great job at improving security since the only user account is full access. But it's a sample, for developers to look at, so it's not a real world scenario. And maybe there's more in the video. Regardless, the point is the file already requires a username and password. Taylor is *already* doing the minimum of requiring one factor (something you know). He is adding on an additional "factor" of a device. Is the implementation effective? I'm not sure, but I certainly don't see where the criticism of the underlying principle is coming from. ================================================================= November 30, 2015 at 10:46 AM by Josh Ormond 6 Months ago, I would have written the same thing you did. However, having seen a similar 2FA system implemented and relied on in a medical environment, unless there is something else involved does not meet some of the compliance standards. Penalty fees are typically based on the number records. I have seen customers get fees into the $10s of thousands of dollars as a result. That is the primary reason for the strong reaction. If a customer wants to use it, that's up to them. I'm not opposed to it, as long as the purpose is to simply increase security. The reference to leaving the key out is a user thing. I am referencing the developer actions. The user behavior is a separate issue from file security. ================================================================= November 30, 2015 at 10:49 AM by Josh Ormond With the current setup, the data-entry account can't even fire the startup script. So even with an authorized device, one could not get in. ================================================================= November 30, 2015 at 11:01 AM by Taylor Sharpe Oh, you are right, Josh. I didn't give the Data Entry fmapp extended privilege set. I have fixed that now. ================================================================= November 30, 2015 at 11:18 AM by Richard Carlton Very interesting. Taylor, ideally you wouldn't spray the table of secure data on screen... but I guess that makes the hack that much more interesting. LOL! I guess we have Taylor's 2nd authentication. So the challenge now is to stop the script and get access to the file... or otherwise spoof it with Taylor's info. Josh, if you know how to hack this... that would be alternately cool... and also scary to see. Its not immediately obvious to me how to stop the script engine. I am genuinely curious how you do this. I think for the point of the exercise... we should assume EAR is enabled... and so reading network traffic with a packet analyser won't work. - RC ================================================================= November 30, 2015 at 11:29 AM by Taylor Sharpe Richard, yes, I didn't mean to mess that up for Josh, but it is fixed now so the Josh account can get in and I did it to confirm it works. And, yes, EAR has been done, SSL 3rd party encryption is on, and using FileMaker Security (not AD/OD). Running on FMS 14.0.4 on a Mac OS X 10.11.1 Mac Pro Black Cylinder. ================================================================= November 30, 2015 at 11:41 AM by Richard Carlton Ok... well... let's make it fun. I'll put up $200 for anyone who can hack the file and get into it in a meaningful way. Read only access would be good enough... to be able to read another layout with data on it. To Win, you must be able to do a screen share to demonstrate how you hacked the file... and I get to interview the winner. Then you get the $200 USD. - RC ================================================================= November 30, 2015 at 12:40 PM by Josh Ormond Dangerous. You are going to owe me $200. Note, not only did I get in, I authorized myself for future log-ins, and altered other data. And if I wanted to be nasty, I can lock everyone out by hosing the PersistentID. Did you want to see the Device Access also? ================================================================= November 30, 2015 at 12:43 PM by Josh Ormond Here are the approved devices also. Note in both of these screen shots, the Persistent ID isn't not even the one from my machine..it still lets me in. ================================================================= November 30, 2015 at 12:53 PM by Wim Decorte Ha, you beat me by about 10 minutes. In case someone wants the data in excel... Information copy.xlsx ================================================================= November 30, 2015 at 1:31 PM by Taylor Sharpe OK, good job Josh and Wim, in breaking the 2nd factor. I guess this means you got around the Allow User Abort Off, which I am not sure how that is done. Would you like to share with us how you did that step? I just want to learn more about this and kudos to both of you. Lets just make this a learning thing. Thanks. ================================================================= November 30, 2015 at 1:41 PM by Wim Decorte Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of bigger message that is being worked on; so "not yet". For now the focus point is on not trying to roll your own security using tables and scripts. Stick with the native FM features. Your first factor works like it should. ================================================================= November 30, 2015 at 1:43 PM by Richard Carlton Hi Josh, I wouldn't say $200 if I didn't mean it. LOL. Hell, I frequently give cash away to presentations to make sure people are not sleeping. :-) Please arrange to call me to discuss. - RC ================================================================= November 30, 2015 at 1:46 PM by Josh Ormond Will you be at DevCon next year? Maybe we can show you in person. Definitely not something I would post in a public forum. The main thing is that anything you allow me to do in the privilege set is the only thing that determines what I can and can not do. Scripts do not prevent anything. Obscurity does not prevent anything. ================================================================= November 30, 2015 at 1:48 PM by Taylor Sharpe wimdecorte wrote: “Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of bigger message that is being worked on; so ‘not yet’.” Take your time... I just want to learn and make sure others are learning too. Your input is appreciated. ================================================================= November 30, 2015 at 1:50 PM by Richard Carlton Frankly...this is an excellent conversation. I like it... as it allows for valuable knowledge sharing. Just telling people "don't do it"... isn't always the best way. - RC ================================================================= November 30, 2015 at 2:03 PM by Josh Ormond This is a good, brief read. And also has a link to Stephen Blackwell's info on the FMPug site. http://fmforums.com/blogs/entry/830-an-exploit-based-approach-to-providing-filemaker-platform-security/ ================================================================= November 30, 2015 at 2:04 PM by Wim Decorte Richard Carlton wrote: “Just telling people ‘don't do it’… isn't always the best way.” Yep. The "why" has been covered many many times however. Steven Blackwell has talked about this at many devcons for instance. ================================================================= November 30, 2015 at 2:18 PM by Taylor Sharpe Yes, what was stumping me was I understood how Wim got in looking at tables. I didn't understand how Josh saw the actual layouts since he posted a picture of it. Anyway, I've changed the Security "File Access" to require full access privileges to use references to this file. So that would fix that vulnerability and it is a good point to remind people about before moving a database into production. And Wim reminds us that Mr. Blackwell shows us this technique at Devcon and he did this past summer too. It does make you wonder if that should start to become a default setting on new files. ================================================================= November 30, 2015 at 2:19 PM by Taylor Sharpe oh, when I reposted it with the fix, I removed Josh and created Wim with no password. ================================================================= November 30, 2015 at 2:25 PM by Richard Carlton Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days. ================================================================= November 30, 2015 at 2:43 PM by Richard Carlton Cash Payment Made $200 to Josh!!! I always make good on our contests. ================================================================= November 30, 2015 at 3:33 PM by Wim Decorte Richard Carlton wrote: “Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days.” Agreed. The whole security interface needs to become more intuitive and complete. Note that closing this particular hole does not make the scripted 2nd factor safe though I'm traveling this week so I won't have to play with this anymore until the end of the week. ================================================================= November 30, 2015 at 3:45 PM by David Jondreau I can think of at least 3 ways in. I'm not sure what Josh and Wim have been up to, but one was File Access. The second I'm still playing around with and it may be similar to Josh. The third is a much bigger deal. ================================================================= November 30, 2015 at 5:48 PM by Richard Carlton Yeah... the File Access Trust features should have been enabled. Thats low hanging fruit. The rest of these are more interesting. - RC ================================================================= November 30, 2015 at 6:15 PM by Matt Petrowsky What I've got to say is tangential to the immediate topic, but I've been wanting to say it for a while. I've been stewing on this whole "ersatz" security thing for quite a while. While I will fully agree with advising the general developer population about not creating their own login system, there are times and places where it's warranted. In particular, if you are wanting to use FileMaker as a development tool for end-user solutions where you really don't want to deal with FileMaker's account limitations. To that end. I'm posting a PDF I just created about the security model I use on systems where I DO create my own ersatz login system. Poke holes in it and tell me where you think it might fail. I think it's pretty robust - since it simply emulates the whole login system of most modern software. Please review and send feedback. I can start another thread, but I see that the people who are here now will see this and provide me with feedback. The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure. I make the analogy that if I can go to your web site and see some stuff then it's no different than opening a FileMaker file and being able to see some stuff. Moving from one level of access to another always boils down to one line of code somewhere. I look at FileMaker the same way. I can let you into my file, but I won't let you do or see anything I don't want you to. Check out the attached PDF and tell me what you think. https://dl.dropboxusercontent.com/u/1211710/Secure%20FileMaker%20Login%202015-11-30.pdf ================================================================= November 30, 2015 at 6:46 PM by Taylor Sharpe Good read, Matt. I've just been through it once and it seems very thorough. I'll have to chew on it a bit to see if I can think of other things. While sticking with FileMaker security is the safest and easiest, I know there are some times when we need something different. While this seems very foreign to FM, it actually is rather common in SQL engines to have stored User ID's and hashed passwords and maintain privilege sets, etc. One real benefit of FileMaker is how strong and simple their built in security is integrated into a solution and how much harder it is to do in other systems where security isn't built in. Thanks for the PDF, Matt, and I'll be doing some more reading on it. ================================================================= November 30, 2015 at 8:46 PM by Josh Ormond Lots of good stuff there Matt. There are probably a few ( very few ) developers in the community that I think could execute something that is very secure. But I have only ever seen 1 such system as of yet, and it was way outside of normal thought. And unfortunately, from a developer that is not longer active anywhere and their email is defunct. When I had seen the file 6 years ago or so, I was too much of a newbie to know exactly what I was looking at. The issue, even for the best of developers, that I see is...in 6 months, you have changed your approach for things slightly. It requires a complete rework ( or reminder ) of your security settings to ensure you don't open a hole. With any restriction that is imposed via script, it can be completely circumvented and data viewed/stored outside of the database. It's clearly something that is on the mind of any developer of any platform. But all one needs is the privilege set to allow the user to view data. I definitely see a great need for a more robust security scheme. I would like to see native 2FA in FileMaker. That is at the top of my list. Outside of that, FM security and Extended Privileges, and External Authentication have served me for almost everything I've needed. ================================================================= November 30, 2015 at 9:57 PM by Wim Decorte Matt Petrowsky wrote: “The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure.” Hi Matt, In that "knowing" lies the conundrum, right? To loosely quote Mark Twain: "It is not what you don't know that hurts you, it is what you know that isn't so". I think the overall discussion would be much easier if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model. That acknowledgment is what I do not find enough in these discussions. There is a long-standing myth that pretty much any ersatz security model is just as secure or even more secure than the native security features. And that is simply not so. As this thread has proven. I am on the road right now so I have not had a chance to review your document. Will do so and then return to this thread. ================================================================= November 30, 2015 at 11:04 PM by David Jondreau I have some warnings to give, but am not going to post publicly. I'm trying to send a private message, but it's not going through. I'll try again after posting this... Taylor, you've made some changes to the server since this afternoon. That's the first step. To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover. https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9612- 19278/Screen+Shot+2015-11-30+at+1.51.48+PM.png <image lost> ================================================================= November 30, 2015 at 11:59 PM by Matt Petrowsky Wim Decorte said: “if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model.” Exactly my point in providing the information I did in the PDF link. I look forward to your feedback on it! ================================================================= December 1, 2015 at 12:23 AM by Taylor Sharpe David Jondreau wrote: “Taylor, you've made some changes to the server since this afternoon. That's the first step.” To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover. https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9602- 19267/Screen+Shot+2015-11-30+at+1.51.48+PM.png <image lost> The only change I made was with the easy way you can use a TO in another solution to see data in the original solution if you have the same User ID/password and that had already been provided. So all we did was change the File Access security so you can't add a table from another solution without Full Access. David... good example of how ExecuteSQL can be used to view things in the data viewer and it does give you access to schema. That lets you read data, but doesn't let you change it and not sure how this would be used to stop the Persistent ID verification. But clearly that is something that in the security world you don't want done. I guess this is why Tim Dietrich's system had an intermediary user ID log in for the Persistent ID verification and that User ID had very limited table access and only to verify the Persistent ID and connect with a User and their Email. You would be in the solution as Wim notes, but not at your normal User ID access level. And upon verification, have a re-login with your normal User credentials. And that would be a better solution. Thanks for the thoughtful input. ================================================================= December 1, 2015 at 1:03 AM by David Jondreau Hmmm...You've made other changes to your server. Not to that file per se...but I'll save that for a private message. Point is I can see all the data that user has access to. I can't change it. But I can easily view any data. And that took less than a minute. There are other points about how to change data that I'll put in a private message as well. ================================================================= December 1, 2015 at 2:51 AM by David Jondreau And here's my entry... ================================================================= December 1, 2015 at 9:06 AM by Taylor Sharpe Impressive David to see the Persistent ID script hack. I'm more interested in this hack than the File Access one since I already knew about it. But you got through with File Access turned off. Kudos. ================================================================= December 1, 2015 at 9:12 AM by Josh Ormond Any time the privilege set allows the user to be able to edit the data, any of the external APIs will allow the user to edit the data. Even with this item fixed, the user can still view the data and extract it. The strongest security in FM is FM's own privilege sets. As the conversation with Matt and Wim brings out, there are ways to MOSTLY secure the file. However, one needs to be aware of the risk and then decided through a risk assessment if it's worth it to take on that risk by using an ersatz model. It's difficult to claim that an ersatz model "increases" security. Because there are too many variables in a solution to claim that. If it's a workflow you want to include, that's one thing. Touting it as a security model, well, that makes me uneasy. ================================================================= December 1, 2015 at 5:26 PM by Taylor Sharpe +1 Josh ================================================================= December 4, 2015 at 12:18 AM by Josh Ormond I read a very funny post today. Truth, but funny. http://fmforums.com/topic/98626-password-to-continue-script/#comment-448504 Here is the part of the post that touched me funny. Kris M wrote: “Implementing a security feature using scripts and stored credentials is problematic. Its like whack-a-mole to cover all the potential threat vectors.”
  11. 2 points
    For fields like active where the value is either 1 or 0, that's easy and fast. But searches where you want to check for partial matches you have to use the LIKE operator and that is not always very performant. So test carefully. If you can use 14 you'll find that performance for the LIKE operator is much better. Also remember that SQL queries are case sensitive so looking for "Design" will not find "design". So if you have to use both uppercase/lowercase operations in addition to LIKE you may not have the performance you're after. How many records? BTW: the whole setup of how Accounts is hooked up to the display layout is irrelevant, SQL queries are context insensitive.
  12. 2 points

    Version 1.0.0


    Indats Icon Manager is an SVG Icon viewer and manager, that makes it easy to view, edit, and export SVG's that play nice with Filemaker 14 buttons, and button bars. The tool is free to use, and all icons are provided royalty free by Metro Studio's Syncfusion. There are about 4,000 icons, and 26 different categories. That should be more icons than anyone could ever want! For more information you can check out my blog post here: http://www.indats.com/2015/06/15/indats-icon-manager/ File Requires Filemaker Pro 14


  13. 2 points
    ​Those are two different questions. Each layout "uses" one table only. More precisely, each layout is defined to show records from a specific table occurrence. OTOH, any layout can contain fields from other (related) tables.
  14. 2 points
    11 thru 14 Filemaker_Yosemite_Icons_11to14.zip
  15. 2 points
    Rob, 13.0.v5 came out during the "Heartbleed" media blitz regarding around August of 2014 http://thefmkb.com/13886 and also added support for Yosemite (10.10) 13.0v9 addresses other SSL concerns http://thefmkb.com/14568 If you are deploying your solution without ANY SSL enabled then you can pretty much upgrade at will. If you are using FileMaker's SSL now for TESTING ONLY you must update server first then clients & FMGo (which may already have been auto updated on iOS devices ) If you are using your OWN custom SSL Certificate it's still recommended to upgrade your server first install your SSL make sure it's working then install the updates to all the other clients. FMI has made every product's vRev v9 so to eliminate confusion and mismatched version numbers as the update encompasses the same patches to all products. If you are deploying in a mixed 12/13 environment then update FMP 13 first and then also update 12 which they also updated as well. http://thefmkb.com/14557
  16. 2 points
    The benefit of calculation fields (whether stored or unstored) is that they are declarative rather than imperative — you don't have to do anything for them to update when you change some of the data they are based on; they just happen, like a calculation in a spreadsheet cell. The downside to calculation fields is that they just happen, and you have limited influence over when to incur the computational cost of evaluating them. This is especially a problem with calculations based on data from many related records, which will be slow, and can happen at inconvenient times. A lesser downside is that sometimes they don't just happen, and it can take substantial study and experience to fully understand when they do and don't update. The benefit of calculation by script is that you have much better control over when (and now where, with Perform Script On Server) the computation happens — it happens when you trigger the script. Scripts can also often organize complicated calculations better than fields. The downside is that when users change source data for a calculation, it's up to you to refresh the result; FileMaker doesn't try to handle it for you. Perform Script On Server offers a performance benefit when your calculations are based on source data that the users are not already looking at, so that source data does not have to be transferred over the network to perform the calculation on the client machine. If the users are already looking at the source data on their screens, Perform Script On Server will not necessarily be faster, and may even be slower. Servers are usually higher-powered computers than client machines, but servers also have a lot of other processes on their minds; and communicating with the server happens over a network, which is the slowest bottleneck in the whole application. I don't know enough detail about how the calculations work in your particular solution to be able to suggest what set-up is likely to be fastest. Even if it did, the advice would probably boil down to the same thing anyway: test all the combinations you can think of, and use the one that turns out to be fastest.
  17. 2 points
    Why 01-36, when there are (you say) 53 balls? Anyway, try it along these lines: FilterValues ( "01¶02¶03¶04¶ ... ¶51¶52¶53" , List ( One ; Two ; Three ; Four ; Five ; Six ) ) This will return a sorted, return-separated list of the 6 numbers, which you can arrange any way you like. --- If you do have a value list of the 53 ball "numbers" (with leading zeros), you can use that instead of enumerating them again: FilterValues ( ValueListItems ( Get( FileName ) ; "YourValueList" ) , List ( One ; Two ; Three ; Four ; Five ; Six ) )
  18. 2 points
    That doesn't help much unless you also: Open FM Help and read about the function. Create a test file Create the function in a calculation or your data viewer 'watch' tab (preferably both) Try the Help example and/or to repeat the thread's discussion you are reading Enter different sample data and view your results Then in Data Viewer 'watch' tab, comment out the calculation portion of the Let() (see red below) and enter each Let() variable individually (see blue below) to view what each piece does.: Let ( [ date1 = Date ( Month ( YourDate ) + monthsAhead ; Day ( YourDate ) ; Year ( YourDate ) ) ; date2 = date1 - Day ( date1 ) ] ; /* Case ( Day ( YourDate ) > Day ( date1 ) ; date2 ; date1 ) */ date1 ) Portions of each variable can also be broken apart. Before Data Viewer, I would create these test files and calculations and put in sample data and bingo ... the logic becomes clear as I entered different data. Now with Data Viewer, most testing takes place in 'Watch' where I use Let() to add my sample data as variables and view the results but I still also create several sample records for testing because it is the only way to replicate auto-enter (replace) calculations and it also is the only safe way to guarantee you are replicating the exact behaviours you are testing. If you take the time to do this, you will pick it up far faster than just trying to force something into your brain that you cannot view in action. Watching the data adjust as you manipulate the calc is pure exciting magic. :-)
  19. 2 points
    It's been a long time since I have tested this, and it's always good to test again in order to see what optimizations have newer versions brought. What I see (in version 11) is this: Perform Find [ Criteria: Data::Indexed: “$searchPhrase” ] - 1 second the first time after the file is opened; subsequent finds are instant. Perform Find [ Criteria: Data::Indexed: “==$searchPhrase” ] - 5 seconds the first time after the file is opened; subsequent finds take between 1 to 2 seconds. Perform Find [ Criteria: Data::Unindexed: “==$searchPhrase” ] - 5 seconds. Draw your own conclusions.
  20. 2 points
    A more detailed explanation would be useful, IMHO. As it is, I can only guess you want something like = Let ( [ start = Position ( username ; "(" ; 1 ; 1 ) + 1 ; end = Position ( username ; ")" ; start ; 1 ) ; id = Middle ( username ; start ; end - start ) ] ; Case ( IsEmpty ( id ) ; LeftWords ( username ; 1 ) ; id ) ) This tries to extract the portion of the text that is between parentheses. If the result is empty, then it returns the first word in the field.
  21. 2 points
    It seems you want only 'number' characters? You might also use: GetAsNumber ( theField ) or if this is auto-enter, GetAsNumber ( Self ) But if you wish to retain numbers, you might change to type number; knowing the purpose of the request helps a bit here, i.e. whether needing to retain leading zeros etc. in which case GetAsNumber() would not work.
  22. 2 points
  23. 2 points
    Try: Let ( dot2 = Position ( Version ; "." ; 1 ; 2 ) ; Case ( dot2 ; Left ( Version ; dot2 - 1 ) ; Version ) ) -- What the heck, let's have another: Substitute ( LeftWords ( Substitute ( Version ; "." ; ¶ ) ; 2 ) ; ¶ ; "." )
  24. 2 points
    1. Filemaker calculations do not loop. 2. Since you have the Advanced version, you can write a custom function. A custom function can be recursive (i.e. it can call itself in a loop). 3. Looping is not required to solve the current problem. Try = Let ( [ diff = Date2 - Date1 ; periods = Ceiling ( diff / 28 ) ] ; Date1 + Case ( diff > 0 ; 28 * periods ) ) or, if you prefer = Date1 + Max ( 28 * Ceiling ( ( Date2 - Date1 ) / 28 ) ; 0 )
  25. 2 points
    Rather than performing math on just the Month component, use the complete date, then pick it apart again; e.g. … Let ( [ cd = Get ( CurrentDate ) ; fiveAgo = Date ( Month ( cd ) - 5 ; 1 ; Year ( cd ) ) ] ; Month ( fiveAgo ) & "|" & Year ( fiveAgo ) ) returns (today) "12|2013"
  26. 2 points
    I would suggest = Case ( number < 10^3 ; number ; number < 10^6 ; Round ( number / 10^3 ; 0 ) & "k" ; Let ( n = Round ( number / 10^6 ; 2 ) ; Int ( n ) & SerialIncrement ( ".00" ; 100*Mod ( Abs ( n ) ; 1 ) ) & "M" ) ) The two most significant differences between this and Daniele's method can be seen when number = 1999 (1k vs. 2k) and when number = 1999999 (2M vs. 2.00M).
  27. 2 points
    One of my favorite features in 13 is by far the Hide objects feature so that you can hide an object when certain conditions are met.  The results save hours of countless other workarounds that we've employed in the past, such as hidden tab panels. or making text 500 points or 1 point and try to get it to blend in to the background.   It's taken me while to articulate an issue I have had when working with this feature. We know the string that you enter will be evaluated to a boolean result and TRUE or 1 will indeed hide the object FALSE or 0 (Zed for those outside the States )  will show the object. This is just fine for most objects, but I have found that many times the object being hidden may be a calculation or may also have a fair amount of formulas for conditional formatting to display properly. The string(s) being evaluated on these items tend to be written in the POSITIVE or OPTIMISTIC mindset - for example; an object is placed on the layout and the invoice status is paid make it GREEN. However you have to do a mental flip to make the object invisible / hidden when the invoice is NOT paid.  Hide Object When  [ invoices::status ≠ "paid" ]   So I wrote a very basic custom function that makes this feature a "SHOW OBJECT WHEN"    ShowObject ( when )  not GetAsBoolean ( Evaluate ( when ) )   This wrapper will take your string ( in the positive mindset ) and inverses the result so that your objects will show or hide when the condition is met.   Conditional Formatting: invoice::status = "paid" | FILL GREEN   Hide Object When: ShowObject ( invoice::status = "paid" )   I am just now starting to employ this and feel its helped in productivity.   Hope you find this helpful.   Cheers   Stephen
  28. 2 points
    1. Add a global gDate field to the Employees table. This will be the field with the drop-down calendar. 2. Change the gStartDate field to cStartDate (Calculation, Unstored, result is Date) = gDate - Day ( gDate ) + 1 3. Change the gEndDate field to cEndDate (Calculation, Unstored, result is Date) = Date ( Month ( gDate ) + 1 ; 0 ; Year ( gDate ) ) Hint: format the gDate field to show only month and year.
  29. 2 points
    One of the problems with having Notes in a single field is that a User can mess it up very easily, changing/deleting other Users' entries. If you use records for your Notes then you can use Security that a User can only change their own entry. Notes and Comments fields can also get quite large and having those fields in every table can be expensive to download large text blocks to client. So even if there is only a single Note or Comment for a record, I place them in another 1:1 table to ease download demands. I use a single Notes table and all tables feed into it. There are many ways to accomplish it depending upon your version. You can have foreign keys to each of your other tables and use 'allow creation' so they all just create their records in Notes. You can use a single 'external' foreign key which holds UUID or custom function UUID so all tables use the same key in writing through or you can use scripts to create your Notes records. But regardless the method, sharing a Notes table and a Documents table come in handy and yes I agree completely with Wim that Notes should be records. Oh, and once you have your Notes table established, you can display them with the technique mentioned by thong127 if you wish!!
  30. 2 points
    Yes, just set up the accounts you need. Remain calm. What's most important to think about are the roles Steven mentioned. I.e., the privilege sets. Those are what control your security and are generally what your scripts will reference, not individual account names. The privilege sets must be set up in each file regardless of whether you use internal or external authentication, Citrix, WebDirect, etc. etc. External authentication is essentially just a convenience, especially if your organization is already using AD or OD. The more files your solution comprises, and the more users you have, the greater the convenience: you only need to add the AD groups to each file (e.g., management, accounting, sales) rather than a FileMaker account for each user. The real magic is when you add a user to an AD group -- that user instantly has access to every FileMaker file that authenticates to that group. Sweet! (We have hundreds of users here, and dozens of files.) Note: full access accounts should not use external authentication -- that's a security risk.
  31. 2 points
    Hi this is a different approach to the problem. Split Word.zip
  32. 2 points
    The opacity option in the color palette, is a great way to reduce development time. In the attached example, each state (normal, hover, pressed) of the navigation buttons are filled with a certain opacity of white or black. When objects are setup like this, they will adopt the colour behind, which make the objects very modular. TheBeautyOfOpacity.fmp12.zip
  33. 2 points
    None of them is very easy to describe. There is also an additional complication in: I am not sure how that's done. For now, I am going to assume that each record has a Rank field, indicating its order among its siblings. How this field gets populated is a separate issue. Note also that records need to be related by ID, not by name (which you may want to change, without breaking the relationship). So our starting point is something like: TopicID Topic ParentID Rank 1 filemaker pro 0 or empty 1 2 complex calculation 1 1 3 custom functions 1 2 4 balsamiq mockups 0 or empty 2 5 features 4 2 6 price 4 1 Now we need to define a calculation field cParaNum (result is Text) = Case ( ParentID ; Parent::cParaNum & "." & Rank ; Rank ) Note that this a cascading calculation, so it will never be very fast. I don't know how slow it will get with the amount of records you have. OTOH, since it is unstored, it will not evaluate unless needed - so before you place it on a layout, make sure you do need it there. If that's too slow, you will have to resort to a scripted population of a stored field with the contents of the unstored one.
  34. 2 points
    BTW, here's something very simple and cheap to implement that could be used as a basis for further improvement. HiglightBkg.fp7.zip
  35. 2 points
    If you're using this with the If [] script step, you need a calculation that gives you a Boolean (True/False) result, which you use to decide if the step(s) enclosed in the If / End If block will be performed or not. So you'd write If [ IsEmpty ( pk_InvoiceID ) /* is either True or False */ ] some other step(s), e.g. Show Custom Dialog with your message End If Note the difference between the If() function and the If[] script step. The formula If ( IsEmpty ( pk_InvoiceID ) ; "No Invoice exists." ) // gives you a text result or (implicitly) an empty result uses If () to calculate a text result, e.g. for a calculation field or a variable. EDIT: Oops, why did I even bother …
  36. 2 points
    Hi L., Switching to a table with no records: not really IMHO. The big benefit of ExecuteSQL that it is context free, so switching to a set context first feels like negating that benefit to me. The only thing to do is to make sure all your records are committed in your target table before asking ExecuteSQL to fetch data for you from a large table.
  37. 2 points
    Also try: not IsEmpty ( FilterValues ( Portal::property ; Table::LogField ) ) This IsEmpty ( FilterValues ( ... ) ) construction seems to be the de facto standard way to check if a value is in a return-delimited list, but the performance is best when the list you expect to be shorter — such as the one-value Portal::property field, in this case — is the first parameter of the FilterValues function.
  38. 2 points
    For some more general info on develop considerations, take a look at this guide. It's not exhaustive, but still informative. http://www.filemaker.com/support/product/docs/12/filemaker-go/fmgo_development.pdf
  39. 2 points
    Hi Charity, sorry for the late reply... I'm not sure what you meant by 'popup window'. If you mean a tooltip, then I think the answer is no on GO. However, the "New Window" menu item or script step will open a few FM Go window, kind of like it does on a web browser. Also fields formatted as 'popup' or 'dropdown' lists will popup a selection wheel, when they are selected on FM Go. Rob and Charity, you certainly can design a single solution for Desktop/iOS devices but it is not optimal to have iPhone/iPod users on the same layout as iPad or desktop clients. It is best if the solution auto-detects the platform and then switches to a layout that best matches the screen size of the device. FM 12's layout themes make it easy to pick fonts that are appropriate for an iPhone/iPad, but what works best on an iPhone will be much too constrained for a Desktop client. It's the same issue that web designers face with mobile clients. That's why you see so many mobile versions of websites these days. If it helps, you make a copy a layout and then change its theme for FM Go clients. Keep in mind though that an iPod will never be able to hold as much content as a 24" monitor. An iPad's larger format is closer to that of a desktop client and might work fine if you want to stick with a single layout. If you anticipate frequent iPad users, then I'd design the layout to match the iPad screen size. (Desktop users can always resize the window to be larger if they want.) You can't really resize the FM window on an iPad the same way (but you can zoom). If the iOS layout is the wrong dimensions then the layout will scroll around in 2-dimensions, which I find very annoying. (I much prefer layouts to scroll up and down when you touch the screen and not also float around side to side).
  40. 2 points
    I'm glad they helped. I've updated these functions now, and added some more to help with FQL: http://www.fmfunctions.com/members_display_record.php?memberId=375 Also, here is a template I use when writing an SQL query: https://gist.github.com/dansmith65/4684647
  41. 2 points
    Greg, please keep political and religious preferences to yourself. An international forum is not the place. :-)
  42. 2 points
    Yes it does, as matter of principle and to avoid potential performance problems try to create as few TOs and relationships as you can get away with. So question yourself everytime you want to add a relationship or TO and explore alternatives. The FM12 ExecuteSQL function can help reduce the # of TOs and relationships. Also familiarize yourself with the concept of TO hopping to help reduce the number of identical TO groups that are somewhat inherent to the A/B model.
  43. 2 points
    Hi David, You might try this concept, assuming your multiline variables are named $types and $categories: Loop Exit Loop If [ Let ( $countTypes = $countTypes + 1 ; $countTypes > ValueCount ( $types ) ) ] Loop Exit Loop If [ Let ( $countCategories = $countCategories + 1 ; $countCategories > ValueCount ( $categories ))] New Record/Request Set Field [ table::Types; GetValue ( $types ; $countTypes ) ] Set Field [ table::Categories; GetValue ( $categories ; $countCategories ) ] End Loop Set Variable [ $countCategories; Value:"" ] End Loop
  44. 2 points
    Attachment shows how to use the Get(CalculationRepetitionNumber) function to perform recursive calculations. 1103074058-RecursiveRepeaters.zip
  45. 2 points
    Same thing you would do if you weren't using applescript. Set Variable: [$FileToImport; Value: "filemac:/"& yourTO::yourField
  46. 2 points
    David, Add a "Close File[ datafile]" to your relogin script just before you insert the new credentials. That way filemaker will open the file when you hit the data layout with the credentials of the new user. HTH, Tim BTW, have your relogin script change the layout to one based on the interface file before you do the above.
  47. 2 points
    MirrorSync keeps track of which change was made last, and selects that as the winner in a conflict. So if a record is changed at 2PM on one device, and 3PM on another device, the 3PM change will win the conflict. The exception is that changes always win over deletions, regardless of which one happened last. A common misconception is that conflict resolution is based on who syncs first or last - MirrorSync will pick the record that was EDITED last, not the one that was SYNCED last. So for your example, if you and I were both syncing with the server, and I changed the record at 2PM, and immediately synced, and then you changed the record at 3PM and synced, your change would be kept in your version, and I would get your change the next time I sync. If we flip the situation, so you change the record at 2PM, but I change the record at 3PM, then my change would overwrite yours, regardless of whether you synced immediately after making the change or waiting until the following day.
  48. 2 points
    David, I was also confused about the conflicting information I saw recently about how global field values acted when set by a script run on the server. As you said, bcooney and BruceR both contradicted what Wim said. However, I have access to FileMaker Server, so I made a test file and got to the bottom of it. Here is what I found... A server-side ScriptMaker script, as defined here: http://help.filemake...ilemaker-server WILL modify the value of a global field, as if the file was not hosted, and opened in FileMaker Pro. A custom web publishing script triggered via an XML url, will NOT modify the global field. This acts like a regular client using FileMaker Pro to access a hosted database. You can see how this works for yourself using the attached file. It uses a web viewer to trigger a script via the XML web publishing engine (which was another of your questions, David). GlobalTest.zip
  49. 2 points
    If you always want to view the last record in a portal, you can create a script with: Go To Portal Row [ last ] Commit Records/Requests[ perform without dialog ] ... and attach it as a script trigger to the layout (Layouts > Layout Setup > Script triggers tab, as OnRecordLoad. You must also make sure that, in Portal setup, 'reset scroll bar' is unchecked. :^)
  50. 2 points
    [color:blue]X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X Marking the release of the FileMaker Pro 10 Bible, NightWing Enterprises is pleased to announce **Ten for 10!** Available immediately, are ten new demonstration files which showcase a selection of the new features of FileMaker Pro 10. The X4X downloads can be accessed online at: NightWing Enterprises - FileMaker 10 Demos These are free downloads, provided as a courtesy to readers of the FileMaker Pro 10 Bible , as well as to fellow developers and prospective clients. Full access is provided to all ten files so you can pull them apart to view the code. The ten sample and demo files include a mix of new tricks and some new ways to perform old tricks, all built from the ground up using the latest releases of FileMaker Pro and FileMaker Pro Advanced. These demos showcase some of our favourites among the many new features in FileMaker 10. The X4X release enriches the descriptions of the new features in the FileMaker Pro 10 Bible, which can be found online at the following link: Amazon.com - FileMaker Pro 10 Bible [color:blue]X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X X4X
This leaderboard is set to Los Angeles/GMT-07:00
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.