Popular Content

Showing content with the highest reputation since 12/04/2010 in Blog Entries

  1. A Forward Look About FileMaker Platform Security

     Developers and users of the FileMaker Workplace Innovation Platform must be concerned about security of their deployed solutions. Likewise, they must have a forward-looking perspective about key issues in this arena. Security has as its major purpose the preservation of Confidentiality, Integrity, Availability, and Resilience (CIAR) of their systems. Liabilities resulting from breaches can substantially affect continued business operations, continued business existence, imposition of civil or criminal sanctions, brand reputation, and customer or client confidence.

     I see at least ten security concerns that the FileMaker Developer Community must consider going forward for the next few years and development cycles:

     · The Business of Security: What Is Security Supposed To Do?
     · Zero Trust implementation for the FileMaker Platform [https://fmforums.com/blogs/entry/2047-federated-identity-management-zero-trust-and-the-filemaker-platform/]
     · Federated Identity Management and the end of FileMaker Accounts in files
     · Native Multi-Factor Authentication (not SMS)
     · Further implementation of Secure by Default and Rule of Least Privileges for the FileMaker Platform
     · Expansion of Roles-Based Construct in the FileMaker Platform
     · SaaS Security Implementation for the FileMaker Platform
     · Building a Culture of Security in the FileMaker Developer Community
     · Building a Culture of Security among the FileMaker Customer Base
     · The Coming Regulatory and Political Onslaught Against the Tech Sector

     So as we go through the just-started FileMaker, Inc. Fiscal Year running up to the next version release and the 2019 DevCon, we should keep these elements in mind.

     Steven H. Blackwell, Platinum Member Emeritus, FileMaker Business Alliance
    4 points
  2. Security Vulnerabilities of FileMaker Platform API’s: An Update

     January 9th 2017

     In an April 2016 entry on this BLOG titled The FileMaker Platform API’s Are Your Friends, Right? [http://fmforums.com/blogs/entry/1535-the-filemaker-platform-api’s-are-your-friends-right/] I discussed a number of FileMaker Platform security issues centered on the uncontrolled use of a number of external Application Program Interfaces (API’s). There are at least nine of these API, possibly more, if ExecuteSQL is included. The central thesis of that article was that these API’s provide unexpected attack vectors to compromise FileMaker Platform files. As noted at the time:

       Many FileMaker developers are not aware, however, that these API’s have the capability to access customer or client solutions in unexpected ways and to extract or insert data, to manipulate business processes developers embedded into these solutions, and to compromise the integrity of these solutions.

     Unfortunately, in the intervening nine-month time span, we continue to see cases where several of these API have been used for malicious purposes to compromise FileMaker Platform files’ business process integrity, to manipulate data, and to extract data. And many in the developer community remain unaware of this problem.

     In this BLOG entry, I will describe two of these API’s in greater specificity and detail, including describing a variety of attacks they can facilitate. This article will not discuss the ActiveX API that is available on Windows OS; however, developers should give similar attention to that approach. Developers need to be aware of these items in order to protect their files and those of their clients.

     The two API at the center of this focus are Apple Events and the FMPURL process. In the earlier article, I noted several elements about these that bear repeating here:

       [These API] cause particular concern because of their breadth and relative ease of use….
       The Apple Events Suite has an extensive set of commands that can read and write data, read metadata, manipulate the UI, and trigger scripts. In addition, they can work outside the normal constraints found on layouts in a file. [http://thefmkb.com/5671]
       The FMPURL…can open a file and run a script in it. If the file is already open, then the script will still run. [http://thefmkb.com/5560]

     A few general comments about both of these API’s:

     · They are not platform-specific in the sense that just because a client organization is an all Windows OS environment that it is immune from an Apple Event attack. It’s the OS of the attacker that controls whether the API can be used.
     · There are some ways within Privilege Sets to constrain behavior of these API commands when they are applied on a file. The Export privilege bit can control the ability of Apple Events to extract data from a file. The Layout Access privilege bits can also constrain the ability to see contents of a layout. Likewise, Script Access privilege bits can control the availability of a script to either of these API.
     · These API often perform actions in unexpected fashions that fall outside the normal, traditional, and familiar FileMaker Pro User Interface behavior. This is part of what catches developers by surprise.

     —Apple Events—

     When a file is open, whether standalone or hosted by FileMaker Server, an attacker can send Apple Event commands to it causing it to perform a variety of actions, including:

     · Run any script to which the user has access, irrespective of whether that script is in the list of Scripts or whether it is attached to some UI element, such as a button.
     · Navigate to any Layout irrespective of whether that Layout’s name is in the list of Layouts or not. If the user’s Privilege Set has access to see that Layout, then its contents are visible whether the developer ever intended for the user to view the Layout or not.
     · Return various metadata about the file, including such items as Script Names, Value List Items, Layout Names, Field Names, etc. If a user’s Privilege Set does not allow access to the item, its name does not appear in the list returned.
     · Put data into any field in the database or extract data from any field, irrespective of whether that field is on the active Layout or is on any Layout for that matter.

     Here are several examples of these scripts, all working on a file named Our_Secret_Information.fmp12.

       tell application "FileMaker Pro Advanced"
           activate
           go to first layout
       end tell

       tell application "FileMaker Pro Advanced"
           activate
           do script FileMaker script "Relog_as_Admin"
       end tell

       tell application "FileMaker Pro Advanced"
           activate
           set somevar to name of every layout
       end tell

       tell application "FileMaker Pro Advanced"
           activate
           set somevar to name of every field
       end tell

       tell application "FileMaker Pro Advanced"
           activate
           set somevar to get data field "CreditCardNumber"
       end tell

     —FMPURL—

     The FMPURL command’s principal attack vector is that it can be used to run any Script in a file to which a user’s privileges have access. Similar to Apple Events, this occurs irrespective of whether that script is in the list of Scripts or whether it is attached to some UI element, such as a button.

     If the file is closed, the command first opens the file with supplied credentials, then runs any OnFirstWindowOpen script, and then runs the designated script from the FMPURL command. As a result of this behavior, a Halt Script step at the end of the opening script has the effect of blocking the running of the FMPURL designated script. Some developers have utilized this technique to block FMPURL calls to scripts in a file. However, if the file is already opened or if there is no opening script, then the designated script does run.

     Here is an example of calling a script, again in our file Our_Secret_Information.fmp12 being hosted at a server at IP address 0.0.0.0.

       fmp://0.0.0.0/Our_Secret_Information.fmp12?script=Relog_as_Admin

     —What Is the Significance Of This and How Do We Address This?—

     One of the many reasons we caution developers against embedding security elements such as Identity and Access Management controls into the data layer of FileMaker Pro databases is precisely because such elements are vulnerable to these API attacks.

     Think for a minute about that Relog_as_Admin script that presumably relogs into the file with a [Full Access] Account. If an Attacker can trigger that script and cause it to run, irrespective of what the developer might have intended, then the Attacker has full access to the file. This has actually happened.

     Or, suppose that a developer has made a “Developer_Only” layout in the file, removed it from the list of layouts, and left sensitive information on it. If the Attacker can navigate to that layout, and if it is not protected by settings in the Privilege Set, then the Attacker can learn the contents of the information on it. This has actually happened in numerous instances, including unbelievably, the appearance of [Full Access] level credentials left exposed on the layout!

     Likewise, suppose that a developer has made a so-called “Privileges Table” with various fields that purport to control whether a user can do such things as create records. Using the Apple Event Set Data command, an Attacker could likely change the values in these fields if they do not enjoy additional protection. More likely even, the Attacker could simply issue a Make New Record command and create the record. That is a process frequently used to thwart developer-imposed limitations on the number of records in a demonstration version of a vertical market solution.

     So, what can be done to manage this situation and to prevent these type attacks?

     In FileMaker® Pro 15, FileMaker, Inc. added a new Extended Privilege option in the Privilege Set called fmscriptdisabled.
     Developers must explicitly invoke this option; it is not a default option. What it does is to prevent Apple Events (Macintosh OS) and ActiveX commands (Windows OS) from activating scripts, just as the name implies. It has no impact on FMPURL or on other Apple Event commands that do not involve triggering of scripts.

     Some of the other items in a Privilege Set, notably Export and data layer modification elements, can control Get Data and Set Data Apple Events. If Export is disabled, then Get Data will not return data from the selected field. In tables where the editing privileges are restricted, likewise, Set Data will not add data to a field. Creation and deletion privileges behave in similar fashion. Remember, we are talking here only about Apple Events. Other processes may behave differently.

     Controlling API behavior is important; however, it is not the only security feature that developers must invoke to assure Confidentiality, Availability, and Integrity of their database systems.

     So, clearly what we need here is a way to block these API from interacting with FileMaker Pro files. FileMaker, Inc. is aware of these issues and has been working on new ways to address them. In the Product Road Map Webinar presented on November 30th 2016, FileMaker, Inc. noted that the next version of the FileMaker Platform will contain a number of additional security enhancements. I am authorized to say that one of those enhancements will be a new process for more closely and granularly controlling several of these API’s.

     At such time as there is any new version of the FileMaker Platform, I will have additional comments and analyses of the issues related to these API’s.
    4 points
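
A defender-side check for the FMPURL behavior described in entry 2, added here as an example that is not part of the original article: it scans text such as mail-gateway or proxy logs for fmp:// links that ask a file to run a script. The allowlist, the naming heuristic and the sample log lines are hypothetical and constructed for illustration; only the URL shape and the file and script names come from the article.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical allowlist: scripts the developer has reviewed and accepts
# being started by anyone able to send the file an fmp:// URL.
URL_SAFE_SCRIPTS = {"Open_Help_Page"}

# Hypothetical naming heuristic for scripts that change identity or privilege.
SENSITIVE_NAME = re.compile(r"relog|admin|full.?access", re.IGNORECASE)

FMP_URL = re.compile(r"fmp://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    host: str
    database: str
    script: Optional[str]
    redacted_url: str
    reasons: List[str] = field(default_factory=list)


def inspect_url(url: str, line_no: int = 0) -> Finding:
    """Break one fmp:// URL into its parts and record why it deserves review."""
    parts = urlsplit(url)
    params = {k.lower(): v
              for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    script = params.get("script")
    script = script.strip() if script is not None else None

    reasons = []
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")
    if script:
        if script not in URL_SAFE_SCRIPTS:
            reasons.append("script not on URL allowlist")
        if SENSITIVE_NAME.search(script):
            reasons.append("script name suggests re-login or elevated access")

    # Drop any userinfo so a password is never copied into alerts or tickets.
    netloc = parts.netloc.rpartition("@")[2]
    redacted = f"{parts.scheme}://{netloc}{parts.path}"
    if parts.query:
        redacted += f"?{parts.query}"

    return Finding(line_no, parts.hostname or "",
                   unquote(parts.path.lstrip("/")), script, redacted, reasons)


def scan_text(text: str) -> List[Finding]:
    """Return a Finding for every fmp:// URL in text that has a reason to review."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in FMP_URL.finditer(line):
            finding = inspect_url(match.group(0).rstrip(".,;)"), line_no)
            if finding.reasons:
                findings.append(finding)
    return findings


# Constructed sample input (not real log data).
SAMPLE_LOG = """\
2017-01-09 10:02:11 mail-gw link=fmp://0.0.0.0/Our_Secret_Information.fmp12
2017-01-09 10:05:42 mail-gw link=fmp://0.0.0.0/Our_Secret_Information.fmp12?script=Relog_as_Admin
2017-01-09 10:07:03 proxy url=fmp://jdoe:ExamplePass1@0.0.0.0/Our_Secret_Information.fmp12?script=Open_Help_Page
2017-01-09 10:09:30 proxy url=https://example.com/index.html
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.redacted_url}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A link that only opens the file produces no finding; the check is a triage aid and does not replace Privilege Set controls on Script Access.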
  3. Emerging Trends in Information Security Affect FileMaker Platform

     By Steven H. Blackwell
     March 17th 2016

     The recently concluded annual RSA Security Conference showcased a number of important emerging trends in Information Security that likely will affect FileMaker Platform developers and Administrators of FileMaker Platform systems. In this BLOG entry, I will describe some of these and offer some observations about how they might apply to the FileMaker Platform.

     Multi-Factor Authentication (MFA) will increasingly become a standard requirement for Identity and Access Management (I&AM) in organizations of all sizes. This is especially true for connectivity by mobile devices. And it is especially true for data hosted in the Cloud. As we saw recently, efforts to create a “two-factor authentication” system inside of the FileMaker Pro client product did not work out well at all. (http://fmforums.com/blogs/blog/112-eye-on-filemaker/) A true MFA system will require coordinated integration with FileMaker Server, wherever that server resides.

     The data are still the key asset. Outer perimeter defenses, while important, are secondary to protecting the data from the inside out. The data are the asset we most seek to protect, wherever the data reside. For the most part, they reside inside of the database itself. That’s why finely-grained Privilege Sets, strong I&AM, Encryption At Rest, and Encryption In Transit are all so important for FileMaker Platform deployments.

     Insiders are the new malware. And now, everyone is an Insider. Whether by inadvertence, by curiosity, by carelessness, or by malicious intent, those persons inside organizations and inside organizational supply chains remain a principal threat vector for compromise of digital assets. Any number of major recent data breaches over the past year or so started in the organizational supply chain apparently.

     Context-sensitive and content-sensitive conditional authentication of identity assertions will become more and more common. What does this mean? A trusted insider accessing data from inside a corporate LAN may trigger one level of authentication requirement. That same user when attempting access from outside the LAN may trigger multiple steps (factors) of authentication requirements. Moreover, access to more sensitive data may require additional authentication factors. And when the context changes mid-session, additional authentication challenges may need to appear. This again will require close integration with FileMaker Server.

     The need for cyber-insurance will increase dramatically. To mitigate the liability associated with data breaches, more and more organizations of all sizes are going to need to acquire cyber-insurance. Premiums will continue to rise. Organizations of all types and sizes face liabilities such as damage to brand reputation, civil judgments in suits brought by persons whose data are compromised, business interruptions, and–dare I even say it—cyber-extortion. The underwriting process for this will require a more stringent adherence to a range of Best Practices by those seeking the insurance. Small and medium-sized businesses, a staple of the FileMaker community, are perhaps least well equipped to survive a major breach absent this insurance.

     Regulatory attention to security breaches will increase at both the Federal and State levels. Additionally there will be concomitant increases in scrutiny about whether organizations have employed “reasonable” security practices. What constitutes such practices is sometimes unclear; however, in any given instance, the list may be extensive. The California Attorney General’s Office recently noted that there were at least twenty specific items that any organization should presume to employ in order to meet the standard of “reasonable” security practices.
     (These are the Center for Internet Security’s Critical Security Controls. https://www.cisecurity.org/critical-controls.cfm) The Attorney General’s report notes that in 2015 approximately 60% of Californians were victims of a data breach of one sort or the other. And the data involved are often the most sensitive type information, including financial data and health-care records. California is often a leading-edge indicator for regulatory actions, and it is entirely to be expected that other states will follow suit here. (https://oag.ca.gov/breachreport2016)

     So, where does this leave the FileMaker platform and the FileMaker Developer Community?

     First, developers and administrators need to be sure they have properly aligned the security requirements of their systems to business requirements. This includes such items as brand reputation, customer/client data privacy, civil liability protection, regulatory compliance (State and Federal and international as applicable), and business continuity. I will be having much more to say about this in coming weeks.

     Second, developers need to follow Best Practices for security in FileMaker Platform files. This includes granular Privilege Sets, Encryption at Rest, and File Access Protection.

     Third, FileMaker Server Administrators also need to follow Best Practices for deployment, including appropriate OS for servers, a rigorous backup regimen including the tested ability to restore from backups, and Encryption in Transit.

     Fourth, business unit managers at FileMaker Platform customers need training in Security Best Practices from the user standpoint. Likewise, they should assure that their employees have a similar awareness.

     Fifth and finally, but certainly not least, we need to encourage FileMaker, Inc. to continue to improve the security schema of the Platform, most particularly the introduction of Multi-Factor Authentication (MFA) and the introduction of additional controls over the behavior of various external API’s. This includes Apple Events, Active X, Execute SQL, PHP, XML, FMPURL, and PlugIns.
    4 points
  4. Our display case represents years of growth for Claris, FileMaker, and us here at DB Services. Check the bottom shelf for our most recent addition, the rare FileMaker 4 box from 1988! dbservices.com
    3 points
  5. This year 2020 will be one of Change and Challenge for the Claris FileMaker Community. It will require Commitment, Confidence, and Community Effort to see it to a successful conclusion. Herewith, in outline form, are some of the Challenges I foresee we will face:

     1. We will need to develop a finer level of audit logging of Personally Identifiable Information (PII). Most logs currently focus on system level activity. A finer level of focus will assist in achieving compliance with various privacy requirements. Prompt response timelines for breaches will be an issue as well.

     2. We will need to improve data level protection via encryption. The UI layer is insufficient for this purpose. But in the process of doing this, we must maintain system usability.

     3. The practice of sending SMS text messages to mobile devices to achieve Two Factor Authentication (2FA) needs to end. It is inherently insecure, and there are better alternatives.

     4. A better approach to 2FA is to adopt hardware tokens of various types. These can be made to work with the FileMaker Platform—indeed they already do so—using expanded oAuth Open ID Connect services.

     5. We are going to need to adopt context-based authentication. Not just Who are you? and Are you who you say you are? But also, How do we know this? And from where are you seeking access, on what device, to what asset? This is not particularly easy to adopt; however, it can be done.

     6. Mobile accessibility is due for a change. We are at the beginning of the end of Wi-Fi. In 2020 we will begin to see adoption of what is called Citizens Broadband Radio Service (CBRS). This is not to be confused with the old CB Radio from the 1970’s. Adoption of CBRS is likely the beginning of Connectivity as a Service.

     7. We will begin increasingly to see the containerization of applications and services, e.g. FileMaker Server.
        a. Unlike virtual machines, they don't need a full OS to be installed within the container.
        b. Once the container has been created, it can easily be deployed to different servers. From a software lifecycle perspective this is a great help, as containers can quickly be copied to create environments for development, testing, integration, and production.

     8. We need to adopt processes that facilitate how data owners can assure they exercise due diligence on cloud-hosted data. The owner is the responsible party here. And it is the owner who likely would suffer the bulk of the onus of any breach. In order to exercise this due diligence, data owners must expect and insist on transparency from hosting and PaaS providers about security processes including who does and does not have access to and knowledge of encryption keys. This will not be a straightforward process.

     9. As we experience more and more instances of Machine Learning, we will need to be aware of, and to guard against, manipulation of the Training Data that underpins this process. Such data are susceptible to attack and to manipulation that poisons the data. Even a very small amount of such alteration can affect the machine learning process.

     10. The Human Element has always been at the center of effective FileMaker Platform Security. That will become even more the case in 2020 and beyond as we move to Federated Identity Management and to Digital Transformation. The culture of any organization is a governing element for its success. We will have many challenges here properly to account for and to plan for the Human Element.

     Steven H. Blackwell
     Platinum Member Emeritus
    3 points
  6. April 27th--Update. We were recently advised that a last minute change in the encryption level of secure storage resulted in that encryption's being 128 bit, not 256 bit as the attached document on Containers states. This is still a strong level of encryption.

     April 4th 2012

     Today’s release of FileMaker® Server 12, together with its companion FileMaker Pro and FileMaker GO products, marks another important milestone on the FileMaker, Inc. Product Roadmap. FileMaker Server is at the center of all robust and business critical FileMaker solution deployments. It provides safe and reliable hosting of multiple files for access by multiple simultaneous users employing a variety of clients including FileMaker Pro, FileMaker GO, modern web browsers, and ODBC/JDBC savvy applications.

     There is one very important caveat about all this, however. For FileMaker Server reliably and effectively to accomplish its various tasks, it must be deployed correctly, configured correctly, and managed correctly. There are a number of new features in FileMaker Server 12; likewise there are some very significant changes in the way long-standing features function. It is very important for all FileMaker developers and all IT Administrators with FileMaker Server responsibilities to be aware of these in order correctly and safely to deploy the new version of FileMaker Server.

     Wim Decorte and I are pleased to present a series of Technical Narratives that discuss a variety of these topics in some depth and detail.

     · FileMaker® Server 12 Overview
     · FileMaker® Server 12 Remote Containers
     · FileMaker® Server 12 New SSL Features
     · FileMaker® Server 12 Processes
     · FileMaker® Server 12 Cache
     · FileMaker® Server 12 Backups

     PDF’s of these papers are attached to this BLOG post as an archive. Simply save the Archive by clicking on the file icon and extract the Narratives. Start with the one titled Overview.

     Steven H. Blackwell
     Platinum Member Emeritus, FileMaker Business Alliance

     FileMakerServer12_Narratives.zip
    3 points
  7. With the advent of a new Fiscal Year for the FileMaker Developer Community, we will experience five emerging trends in FileMaker Information Security. Each of these will likely have specific impact on developers, on our clients, on the Platform, and on the larger business environment in which we operate. Cumulatively and symbiotically, the magnified impact of the five will have the potential to alter many long-standing practices and conventions. What are these five trends? How will they impact the developer community? Read more and download article here: https://fmforums.com/files/file/94-five-emerging-trends-to-impact-filemaker-platform-security/ Steven H. Blackwell
    2 points
  8. [ Edit: 3/16/2016 - With the help of some other people, we have been able to recover, or recreate some of the original images from original thread. ]

     Security is always a big topic when it involves data, or people, or possessions. Recently, over on the FileMaker Community, there was a very beneficial discussion regarding security. Unfortunately, that discussion was the victim of a necessary action...and was deleted. It was deleted, because the discussion was tied to a video that, as was determined throughout the thread, was not beneficial to the overall community of FileMaker users and developers. When that video was removed, the discussion vanished with it.

     This post is specifically targeted at recompiling that discussion, because at its core represents an important message that is necessary to convey and support. That is, creating ersatz security systems can introduce security vulnerabilities. In my experience, I have only seen 1 (one) approach that increased security while adding a 2nd factor of authentication. And it was complicated and not easily set up...and in the end, comes with its own set of drawbacks.

     One of the main things I took from the below discussion ( and it's a long discussion!! ), is this: What is the point of attempting to add a layer of security that does NOT increase security?! If the approach does not INCREASE security, why would you market the approach as a security technique?! The answer to that is the reason why the video that launched the discussion was deleted.

     While I had much internal debate about the best way to republish the info from this discussion, in the end I decided ( with much input from others ), that just posting the discussion in its entirety was the best thing. And in doing so, know I have, as do those that gave their input, nothing but respect for all those involved in the discussion. So that is what follows.

     One very important note: the discussion is one of learning.
     And I truly believe that no one involved in the discussion came out looking 'bad'. One could say, 'well yeah Josh, you didn't end up being wrong in the thread, so you don't care'. I assure you, I have been wrong in MANY discussions. In fact, I had a similar discussion with Wim Decorte in another thread several months before this one. As I researched, and tested...I learned not only was I wrong, I learned I NEEDED to change something in my development.

     Without any further introduction, here is the thread:

     Original Discussion Thread from Community.FileMaker.com, a Video with an interview with well-respected developer Taylor Sharpe:

     =================================================================
     Date: August 12, 2015 at 5:42 PM ( Date of Original Video Post )
     Title: Free Video>>> Two-Factor Authentication w/ Taylor Sharp

     =================================================================
     November 27, 2015 at 8:20 PM by Taylor Sharpe

     Thank you for your interest in this video. It is an additional tool to the suite of FileMaker Security tools to help improve security. This video shows you how to enhance an already implemented security plan to make it even better by adding hardware verification. This tool has minimal impact on staff and uses tools currently available in FileMaker 14. This video shows how to use hardware verification as the 2nd factor authentication similar to how Google and Apple currently implement it. This tool makes use of the current security standard of verifying hardware with Persistent ID as well as FileMaker tools including a start up script and email or text messaging notifications.

     Additional advice: In conjunction with two factor authentication, you should make sure you already are following the FileMaker security guidelines.
     Security is one of the cornerstones of a good solution and you should make use of least privileges necessary for users, appropriate password guidelines, consideration of external authentication services such as Active Directory and Open Directory, client-server SSL encryption with 3rd party authentication, Encryption at Rest, backups (yes, that too is a part of security), and physical security.

     Caution: This 2nd factor authentication is only designed to work in conjunction with the other FileMaker security tools to enhance security and you should not rely solely on this as a single factor of authentication because it is only a hardware verification.

     Security is a constantly changing field. If you follow FileMaker’s Security Guidelines, you will have a robust and secure server. Additional security tools like this should be considered, as well as documentation of security controls in a security plan. There are additional tools available such as token passing, plugins with higher level encryption, biometrics, etc., that go beyond what is included with FileMaker that may have merit. At a minimum, you should evaluate your server’s security with some type of review or audit on an annual basis. I wish you all the best and encourage you to make sure an appropriate amount of time is allocated to security when you are developing your solutions.

     DEMO FILE: Can be found at <sample file> ( link removed ). It is UU encoded, but ready to go with full access for Admin user account and no password. Feel free to make use of the sample file to copy scripts or layouts as you may need. Appropriate credit would be appreciated. Thanks.

     =================================================================
     November 28, 2015 at 7:50 AM by Wim Decorte

     To be very clear: it is NOT true 2-factor authentication since it relies on the user already having been authenticated and allowed into the solution before the 2nd factor comes into play...
     =================================================================
     November 28, 2015 at 2:16 PM by Taylor Sharpe

     It might be a bit of splitting hairs, but not inaccurate. You are in FileMaker in-so-much as you are logged in and being processed by a start up script for further validation. But a regular user can't escape the script. The way to meet Wim's definition of Two Factor authentication is to have some other program perform that two factor authentication prior to FileMaker's credentials or FileMaker add this security feature and it reside outside of FileMaker scripting and before getting logged in (boy that would be nice, FileMaker, Inc.!).

     The assumption I was working with is that people are limited to FileMaker tools and you cannot avail yourself of those tools without being inside of a FileMaker solution to run the 2nd factor script. This means things like turning auto abort off. And it is a security improvement over single factor authentication, but it is not invulnerable. For example, someone with Full Access will be able to enable the script debugger and this is a reason to be very limited on who has Full Access and make sure those passwords are strong.

     Tim Dietrich's FM Authenticator and others have done similar Two Factor authentications with FileMaker, but they all use a startup script like this one and are therefore subject to the vulnerability Wim points out. Just keep in mind that this can be an improvement to security assuming you have fully implemented the FileMaker security guidelines already and this is an ADDITIONAL tool, not an exclusive one. For example, it would be a bad idea to use this 2nd Factor authentication and tell people that they only have to use User ID's, but no passwords.

     Thank you for the comment Wim. It is good that we all understand how security works and where its weak points are.
     =================================================================
     November 28, 2015 at 6:28 PM by Wim Decorte

     I don't think it is splitting hairs; it's about calling things what they are. We certainly don't want people going around saying that FM does support 2FA when it does not. I'd hate to be part of a security audit where someone proclaimed that FM does 2FA based on this or a similar approach...

     As to the level of security: while a user can not escape out of a script by simply pressing ESC, there are ways to stop scripts so relying on a scripted security system does not usually enhance security but rather introduces potential vulnerabilities.

     =================================================================
     November 29, 2015 at 2:47 AM by Taylor Sharpe

     <Post deleted by Taylor Sharpe>

     =================================================================
     November 29, 2015 at 7:38 AM by Wim Decorte

     Very disappointed in this reaction. Since when is a difference in opinion "inappropriate and unprofessional"? And I do not appreciate the insinuation that I am not a professional or worthy of working for Soliant Consulting, nowhere in my replies did I ever attack your integrity or the company you work for.

     If 2FA is a requirement then I would suggest using technologies that do have full & native 2FA: like logging into the OS through 2FA and then use EA for access to the FM application.

     I do withdraw from this conversation, not because I'm being told to by you, but because once a respectful debate over differing opinions is not welcome, then I do have nothing further to contribute.

     =================================================================
     November 29, 2015 at 7:12 PM by Josh Ormond

     I am very surprised at this response, having seen the response before it was deleted. The problem that Wim is pointing out is a real issue.
We can call something 2FA, but if the person is IN the file after the first factor, for compliance reasons and technical reasons, it really is not 2 Factor Authentication. Because the 1st factor allowed them in, and you can't from there stop them from accessing the file. Simply put, one can easily stop the script from running and add their device as an approved device and access everything in the file. I don't see how that is increasing the security of the file. It only gives a false sense of security. Which leads to larger problems. This file, having never seen it before, took me no more than 15 secs to authorize myself to access the file from any device I want, using nothing more than the tools provided in the file. I only need one-factor to get in now...anytime I login. If one were to promote their solution as a compliant solution using 2FA, they could be opening themselves to hefty fines. As Wim said, if 2FA is required, you need something that prevents you from getting into the file with 2 factors. Though I do like Tony White's response to this discussion in another place: Maybe we should call it "1+1 Factor Authentication".
=================================================================
November 29, 2015 at 7:58 PM by Tony White
Thanks Joshua Ormond for the shout out. Here is the twitter perma-link to the thread. https://twitter.com/tonywhitelive/status/670721676464779264 I implement security that uses the built in tools and at the same time am open minded to creative ways of adding to security...as long as they successfully address defined use cases. Know the rules and know when you can extend them... On a separate thread I proposed the idea of a security contest with a monetary prize. https://community.filemaker.com/message/517290#517290 Interesting topic. Lots of considerations to factor in when coming up with best practices.
=================================================================
November 29, 2015 at 8:22 PM by Taylor Sharpe
Joshua, I deleted my own response and not FileMaker because I was offended by Wim and the way I worded the response was not professional. My bad and apologies to Wim. I think there can still be a good discussion. Two Factor means that two methods are being used for authentication. Providing additional requirements on what makes another factor a real factor or not does not make it not another Factor even if it is not as robust as other possibilities. Wim does bring up a point about why it is not as robust as other 2nd factor authentication implementations because the 2nd factor is done within the solution and not before you are in the solution. The solution I provide in the video uses the tools available from FileMaker. Within the constraints that FileMaker scripting tools provide us, it is a good security control. That is not to say going outside of FileMaker's tools or asking FileMaker to build a second factor authentication into the application would not be better, but those are not tools readily available to most of the users here. The solution provided improves security and it is a second factor of authenticating even though Wim correctly points out the 2nd factor is done within the solution. The point I am making is that implementing this 2nd factor authentication, even with its limitations, is better than not implementing it. There are a lot of OS level two factor authentication solutions including not only User ID/password, but tokens, or VPNs that would be required before you would have access to the FileMaker solution. They may be worth some discussion here too. But those are beyond what is trying to be addressed in this type of solution.
=================================================================
November 29, 2015 at 9:40 PM by Josh Ormond
I get the attempt.
The concern I have with it is, it required only 1 factor for me to be in the solution and using it. If I didn't provide an email, it let me use the file anyway. Without ever requiring factor 2. In Tim's solution for what he also called 2FA, at least the user was left in a low-level account. But even with that, I could edit and hack the file to pieces. Simply because I could get in. Authentication itself is the process of deciding if someone has authorization for access. Two factor authentication is at its core really supposed to happen before the person gets in the file. FileMaker doesn't provide a second access control for logging in. Though I do wish they did. It should be a feature request. For reasons exactly like this, the data is at risk once the person is in the file. Even worse, for something that is script driven, I can stop the script from running and there is no trace that I even logged into the file. I'm not here to add fuel to an argument. Simply to voice a warning that for even a fairly new user, the approach can be easily circumvented...and when it comes to compliance, users/owners/database admins, need to know that. I would hate to see someone get hit with fines because they assumed an add-on security method was "safe". For compliance, there are other ways to secure the file and the data. Security 'add-ons' typically don't add any security. Just another layer of steps to get in. I say this simply because I have seen too many solutions that owners thought were 'safe'...to which I was in reading them sensitive data while they were still explaining how to login the 'right way'. And I'm glad to hear why you deleted the post. Both yourself and Wim are worthy of greater respect.
=================================================================
November 29, 2015 at 11:00 PM by Taylor Sharpe
Josh... I gave you a file with Admin and no password. This is a completely OPEN Admin with Full Access and no password. Of course you got in.
You would not have gotten in with one where it automatically logged you in with Admin and Full Access. So you would not have gotten past the first factor, let alone the 2nd. This database was left open as a development tool. Hacking it is as simple as opening it up because it defaults to the Admin with no password. You did not hack into it and your comments to this effect are not helpful to people reading this discussion. It implies you have some ability to defeat this solution when properly implemented and you have not provided any information to show that you have those skills, making me doubt that you can. But I will be glad to provide you a hosted solution properly implemented and be glad to give you a shot at it.
OK, that aside, Tim's solution did get you in with a low level User Account instead of whatever account you are in. The reason I went the way I did was because this is supposed to make things easy on staff instead of dealing with multiple logins and multiple passwords. The goal was to improve security while making it easier on the staff. This solution adds significant security with very minimal impact on staff. No it is not a perfect solution, and no control in a database ever is and you should have many controls in a secure system. Most security plans identify hundreds of controls in every solution. You have to have multiple layers of control from least privileges to encryption. This 2nd Factor is NOT a sole security tool. It is used to enhance security with minimal impact and be easy to implement with the tools FileMaker provides. This control as a 2nd Factor authentication is not perfect and is designed to work in coordination with other security controls. If you know about security plans, you know that most controls have some weaknesses. But you do not dismiss a control that is generally effective because where one control may not stop an intruder, another one will and it is the combined effectiveness of controls that makes the security.
Removal of an imperfect control can weaken a security plan and removal of controls has to evaluate whether their imperfection is beneficial compared to not being there at all. I still stand behind this being a simple solution that enhances security with minimal effort and using tools already provided by FileMaker. I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative.
=================================================================
November 29, 2015 at 11:19 PM by Josh Ormond
I am not dismissing it completely. If some choose to use it, that is part of their own risk assessment. I do challenge the name. Primarily because I can prevent the 2nd factor from ever firing, very very easily. I am aware of how you set up the file, and its intent. I will assure you my test was thorough. I have tested several of these types of security measures. In some cases businesses decided to continue to use it. It was simply a user "trust" mechanism. In the meantime, we secured the file by other means. Some left it as is. Some abandoned it completely. That would be the owner's decision to make. I will also step out of the conversation. I think there is just a core difference in the thought about what increasing security means. Which is at the heart of the matter. I hope for the best for you.
=================================================================
November 30, 2015 at 8:50 AM by Wim Decorte
Taylor Sharpe wrote: “I challenge that those of you dismissing such a simple control that benefits security are lacking in good security judgement unless you are providing some improved alternative.”
An improved alternative was already mentioned earlier: do the multi-factor authentication upstream from FileMaker. These security implementations are never done in a vacuum and all angles should be considered, not just how the behaviour can be mimicked in FM.
The first thing to be open about with the customer is that FM does not do native multi-form authentication. So the alternatives are:
- discuss with the client how 2FA can be done before the solution gets launched and how it can be combined with things like External Authentication for the FM solution. This keeps all authentication strictly at the FM security level and does not add any vulnerabilities.
- discuss the security risks of the FM scripted approaches to mimic 2FA and if those are acceptable given the risk appetite of the client and the compliance requirements.
If neither are acceptable to the client then FM is probably not the right platform for the solution.
=================================================================
November 30, 2015 at 9:38 AM by Taylor Sharpe
Josh, I don't think you really do understand. But I am more than willing to eat crow if I have misspoken and certainly willing to learn. So I have hosted the file on my development server at <link removed>. Please let me know when you are able to get in and how you did it. Thank you, Wim. I concur with you that an "upstream" approach can be a good one to implement two factor authentication. And most everyone has some type of upstream security even if it is as basic as a User ID and password to get into a computer, but many companies do a lot more such as some form of 2 factor authentication, VPN connection, tokens, etc. I also agree with you Wim, that FM does not have native multi-form authentication at the application level. But that is something us developers can't control, and something I would encourage FileMaker Inc. to consider in future versions. It would be a nice security improvement tool. However, within the tool set available to FM development, the 2 Factor authentication described above works and improves security, and will have a smaller hurdle to implement than most of the suggestions you have made.
My goal was to keep things simple with the tools available inside of FM to improve security, and I have met that challenge within those criteria.
=================================================================
November 30, 2015 at 9:41 AM by David Zachary
I’ve been watching this thread with interest and a degree of amusement. My post may not have any substantive benefit to the thread, but it makes me feel good. It reminds me of when Bill Clinton was going through his impeachment hearings. During an interview he was asked "was it sex?" and straight faced he replied "it all depends on what your definition of 'is' is". This thread has gotten to that point - what is the definition of 2FA? Clearly there are different opinions. Having both parts of a 2FA system inside of a FileMaker solution, while technically 2 factors, is like having an alarm system on your house to complement the door lock. You feel secure but somebody fast enough with enough skill can still break in and grab something valuable quickly. You've got 2 security measures but still got robbed. The better solution is to have an electrified fence and a moat around your house - everything of value is protected by measures not directly connected to the house. FileMaker security should be the final line of defense, not the first and not the only. Calling a system that has both factors inside of the target database as supporting 2FA is dodgy unless all parties are using the same definition of what 2FA is - while you say it's 2FA, any client that has to follow government or corporate-defined 2FA specifications will likely disagree. I'm not going to repeat what others have said (too much), but FileMaker does not natively support a 2FA system. You have to do it elsewhere. If your data requires that level of security, you need to look at supplementing the security infrastructure outside of FileMaker, long before an intruder gets to the FileMaker-level. Thankfully Steven Blackwell isn't on here much anymore.
He would have probably had a stroke by now. His views on custom-developed security methods are well documented. Back to watching from the sidelines.
=================================================================
November 30, 2015 at 10:09 AM by Josh Ormond
I understand both the intent of what you are arguing for, and have in the past felt the same way. However, I think you misunderstand me. FileMaker's own built-in security is in itself the strongest security you can get with FileMaker. By turning on EAR, securing the physical server, setting up proper privilege sets and users, and limiting the ability to edit/create/delete privilege sets, and by using Extended Privileges, and in many cases using EA...you are secure and safe with your data. With that, without the user name and password, one can NOT get into a hosted file remotely. That is one of the great parts of FM security. And you know that part as well. What I am saying...the average user can stop your second factor, very easily...so it does not enhance the security. I have seen so many poorly implemented security add-ons in FM. Because the developer or user was trying to imitate another security functionality. It looked like they were enforcing 2FA...but in reality not even one of the users actually ever completed the 2nd factor. In essence, it feels like putting a second deadbolt on your door, but putting the lock handle ( normally inside ) on the OUTSIDE. It doesn't do anything, other than give some more strength to the door...so someone would have a more difficult time kicking in the door. But if someone already has the key for the other deadbolt...they simply spin the lock handle and walk in. Zero added security. In this case I need to do nothing other than stop the script from running. So with a log in, I can log in from ANY device. Not to mention there are serious problems with Get ( PersistentID ) on Windows, so it's simply not reliable.
=================================================================
November 30, 2015 at 10:19 AM by Taylor Sharpe
OK, Josh, this moves us forward some and thanks for the comments. How about this, what if I put a non-Full Access User account in that File. Are you able to defeat the 2nd factor? For example, I just added a "Josh" account with no password and it is set for the privilege set "Data Entry Only", but has no authorized devices. Also, I'm interested in learning more about the problems with Get ( PersistentID ) on Windows.
=================================================================
November 30, 2015 at 10:32 AM by David Jondreau
“without the user name and password, one can NOT get into a hosted file remotely.”
That is the whole point of 2FA. You can put all the locks on the doors you want, but if your user leaves the key under the mat, your file is compromised. 2FA is not some miracle security feature. It simply is a philosophy that to improve security, users should have 2 of 3 different things: something they know (username/pass); something they have (a specific cell phone); and/or something they are (a fingerprint). Yes, the line between some of these categories is blurry, but the point isn't to get involved in a semantic debate of whether a fingerprint is something you are or something you have. The point is to improve security. I have not watched Taylor's video (I hate watching videos). But I have looked at the sample file, which in my opinion, doesn't do a great job at improving security since the only user account is full access. But it's a sample, for developers to look at, so it's not a real world scenario. And maybe there's more in the video. Regardless, the point is the file already requires a username and password. Taylor is *already* doing the minimum of requiring one factor (something you know). He is adding on an additional "factor" of a device. Is the implementation effective?
I'm not sure, but I certainly don't see where the criticism of the underlying principle is coming from.
=================================================================
November 30, 2015 at 10:46 AM by Josh Ormond
6 Months ago, I would have written the same thing you did. However, having seen a similar 2FA system implemented and relied on in a medical environment, unless there is something else involved does not meet some of the compliance standards. Penalty fees are typically based on the number of records. I have seen customers get fees into the $10s of thousands of dollars as a result. That is the primary reason for the strong reaction. If a customer wants to use it, that's up to them. I'm not opposed to it, as long as the purpose is to simply increase security. The reference to leaving the key out is a user thing. I am referencing the developer actions. The user behavior is a separate issue from file security.
=================================================================
November 30, 2015 at 10:49 AM by Josh Ormond
With the current setup, the data-entry account can't even fire the startup script. So even with an authorized device, one could not get in.
=================================================================
November 30, 2015 at 11:01 AM by Taylor Sharpe
Oh, you are right, Josh. I didn't give the Data Entry fmapp extended privilege set. I have fixed that now.
=================================================================
November 30, 2015 at 11:18 AM by Richard Carlton
Very interesting. Taylor, ideally you wouldn't spray the table of secure data on screen... but I guess that makes the hack that much more interesting. LOL! I guess we have Taylor's 2nd authentication. So the challenge now is to stop the script and get access to the file... or otherwise spoof it with Taylor's info. Josh, if you know how to hack this... that would be alternately cool... and also scary to see. It's not immediately obvious to me how to stop the script engine.
I am genuinely curious how you do this. I think for the point of the exercise... we should assume EAR is enabled... and so reading network traffic with a packet analyser won't work. - RC
=================================================================
November 30, 2015 at 11:29 AM by Taylor Sharpe
Richard, yes, I didn't mean to mess that up for Josh, but it is fixed now so the Josh account can get in and I did it to confirm it works. And, yes, EAR has been done, SSL 3rd party encryption is on, and using FileMaker Security (not AD/OD). Running on FMS 14.0.4 on a Mac OS X 10.11.1 Mac Pro Black Cylinder.
=================================================================
November 30, 2015 at 11:41 AM by Richard Carlton
Ok... well... let's make it fun. I'll put up $200 for anyone who can hack the file and get into it in a meaningful way. Read only access would be good enough... to be able to read another layout with data on it. To Win, you must be able to do a screen share to demonstrate how you hacked the file... and I get to interview the winner. Then you get the $200 USD. - RC
=================================================================
November 30, 2015 at 12:40 PM by Josh Ormond
Dangerous. You are going to owe me $200. Note, not only did I get in, I authorized myself for future log-ins, and altered other data. And if I wanted to be nasty, I can lock everyone out by hosing the PersistentID. Did you want to see the Device Access also?
=================================================================
November 30, 2015 at 12:43 PM by Josh Ormond
Here are the approved devices also. Note in both of these screen shots, the Persistent ID isn't even the one from my machine...it still lets me in.
=================================================================
November 30, 2015 at 12:53 PM by Wim Decorte
Ha, you beat me by about 10 minutes. In case someone wants the data in excel...
Information copy.xlsx
=================================================================
November 30, 2015 at 1:31 PM by Taylor Sharpe
OK, good job Josh and Wim, in breaking the 2nd factor. I guess this means you got around the Allow User Abort Off, which I am not sure how that is done. Would you like to share with us how you did that step? I just want to learn more about this and kudos to both of you. Let's just make this a learning thing. Thanks.
=================================================================
November 30, 2015 at 1:41 PM by Wim Decorte
Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of a bigger message that is being worked on; so "not yet". For now the focus point is on not trying to roll your own security using tables and scripts. Stick with the native FM features. Your first factor works like it should.
=================================================================
November 30, 2015 at 1:43 PM by Richard Carlton
Hi Josh, I wouldn't say $200 if I didn't mean it. LOL. Hell, I frequently give cash away to presentations to make sure people are not sleeping. :-) Please arrange to call me to discuss. - RC
=================================================================
November 30, 2015 at 1:46 PM by Josh Ormond
Will you be at DevCon next year? Maybe we can show you in person. Definitely not something I would post in a public forum. The main thing is that anything you allow me to do in the privilege set is the only thing that determines what I can and can not do. Scripts do not prevent anything. Obscurity does not prevent anything.
=================================================================
November 30, 2015 at 1:48 PM by Taylor Sharpe
wimdecorte wrote: “Working on that. But at the risk of sounding unduly snotty: this kind of info needs to be part of a bigger message that is being worked on; so ‘not yet’.”
Take your time... I just want to learn and make sure others are learning too.
Your input is appreciated.
=================================================================
November 30, 2015 at 1:50 PM by Richard Carlton
Frankly...this is an excellent conversation. I like it... as it allows for valuable knowledge sharing. Just telling people "don't do it"... isn't always the best way. - RC
=================================================================
November 30, 2015 at 2:03 PM by Josh Ormond
This is a good, brief read. And also has a link to Steven Blackwell's info on the FMPug site. http://fmforums.com/blogs/entry/830-an-exploit-based-approach-to-providing-filemaker-platform-security/
=================================================================
November 30, 2015 at 2:04 PM by Wim Decorte
Richard Carlton wrote: “Just telling people ‘don't do it’… isn't always the best way.”
Yep. The "why" has been covered many many times however. Steven Blackwell has talked about this at many devcons for instance.
=================================================================
November 30, 2015 at 2:18 PM by Taylor Sharpe
Yes, what was stumping me was I understood how Wim got in looking at tables. I didn't understand how Josh saw the actual layouts since he posted a picture of it. Anyway, I've changed the Security "File Access" to require full access privileges to use references to this file. So that would fix that vulnerability and it is a good point to remind people about before moving a database into production. And Wim reminds us that Mr. Blackwell shows us this technique at Devcon and he did this past summer too. It does make you wonder if that should start to become a default setting on new files.
=================================================================
November 30, 2015 at 2:19 PM by Taylor Sharpe
oh, when I reposted it with the fix, I removed Josh and created Wim with no password.
=================================================================
November 30, 2015 at 2:25 PM by Richard Carlton
Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days.
=================================================================
November 30, 2015 at 2:43 PM by Richard Carlton
Cash Payment Made $200 to Josh!!! I always make good on our contests.
=================================================================
November 30, 2015 at 3:33 PM by Wim Decorte
Richard Carlton wrote: “Yah...that security setting needs to be more prominent. I remember people doing this in the FM 5 and 6 days.”
Agreed. The whole security interface needs to become more intuitive and complete. Note that closing this particular hole does not make the scripted 2nd factor safe though. I'm traveling this week so I won't have to play with this anymore until the end of the week.
=================================================================
November 30, 2015 at 3:45 PM by David Jondreau
I can think of at least 3 ways in. I'm not sure what Josh and Wim have been up to, but one was File Access. The second I'm still playing around with and it may be similar to Josh. The third is a much bigger deal.
=================================================================
November 30, 2015 at 5:48 PM by Richard Carlton
Yeah... the File Access Trust features should have been enabled. That's low hanging fruit. The rest of these are more interesting. - RC
=================================================================
November 30, 2015 at 6:15 PM by Matt Petrowsky
What I've got to say is tangential to the immediate topic, but I've been wanting to say it for a while. I've been stewing on this whole "ersatz" security thing for quite a while. While I will fully agree with advising the general developer population about not creating their own login system, there are times and places where it's warranted.
In particular, if you are wanting to use FileMaker as a development tool for end-user solutions where you really don't want to deal with FileMaker's account limitations. To that end, I'm posting a PDF I just created about the security model I use on systems where I DO create my own ersatz login system. Poke holes in it and tell me where you think it might fail. I think it's pretty robust - since it simply emulates the whole login system of most modern software. Please review and send feedback. I can start another thread, but I see that the people who are here now will see this and provide me with feedback. The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure. I make the analogy that if I can go to your web site and see some stuff then it's no different than opening a FileMaker file and being able to see some stuff. Moving from one level of access to another always boils down to one line of code somewhere. I look at FileMaker the same way. I can let you into my file, but I won't let you do or see anything I don't want you to. Check out the attached PDF and tell me what you think. https://dl.dropboxusercontent.com/u/1211710/Secure%20FileMaker%20Login%202015-11-30.pdf
=================================================================
November 30, 2015 at 6:46 PM by Taylor Sharpe
Good read, Matt. I've just been through it once and it seems very thorough. I'll have to chew on it a bit to see if I can think of other things. While sticking with FileMaker security is the safest and easiest, I know there are some times when we need something different. While this seems very foreign to FM, it actually is rather common in SQL engines to have stored User ID's and hashed passwords and maintain privilege sets, etc.
One real benefit of FileMaker is how strong and simple their built in security is integrated into a solution and how much harder it is to do in other systems where security isn't built in. Thanks for the PDF, Matt, and I'll be doing some more reading on it.
=================================================================
November 30, 2015 at 8:46 PM by Josh Ormond
Lots of good stuff there Matt. There are probably a few ( very few ) developers in the community that I think could execute something that is very secure. But I have only ever seen 1 such system as of yet, and it was way outside of normal thought. And unfortunately, from a developer that is no longer active anywhere and their email is defunct. When I had seen the file 6 years ago or so, I was too much of a newbie to know exactly what I was looking at. The issue, even for the best of developers, that I see is...in 6 months, you have changed your approach for things slightly. It requires a complete rework ( or reminder ) of your security settings to ensure you don't open a hole. With any restriction that is imposed via script, it can be completely circumvented and data viewed/stored outside of the database. It's clearly something that is on the mind of any developer of any platform. But all one needs is the privilege set to allow the user to view data. I definitely see a great need for a more robust security scheme. I would like to see native 2FA in FileMaker. That is at the top of my list. Outside of that, FM security and Extended Privileges, and External Authentication have served me for almost everything I've needed.
=================================================================
November 30, 2015 at 9:57 PM by Wim Decorte
Matt Petrowsky wrote: “The biggest argument I have against the "FileMaker security only" proponents is that just because you can get into a FileMaker file does not mean you can do whatever you want within the file - especially, if you know how to limit the risk exposure.”
Hi Matt, In that "knowing" lies the conundrum, right? To loosely quote Mark Twain: "It is not what you don't know that hurts you, it is what you know that isn't so". I think the overall discussion would be much easier if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model. That acknowledgment is what I do not find enough in these discussions. There is a long-standing myth that pretty much any ersatz security model is just as secure or even more secure than the native security features. And that is simply not so. As this thread has proven. I am on the road right now so I have not had a chance to review your document. Will do so and then return to this thread.
=================================================================
November 30, 2015 at 11:04 PM by David Jondreau
I have some warnings to give, but am not going to post publicly. I'm trying to send a private message, but it's not going through. I'll try again after posting this... Taylor, you've made some changes to the server since this afternoon. That's the first step. To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover.
https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9612-19278/Screen+Shot+2015-11-30+at+1.51.48+PM.png

=================================================================
November 30, 2015 at 11:59 PM by Matt Petrowsky

Wim Decorte said: “if more people acknowledge that scripting your own security solution introduces more risk potential, not less. Risk can be mitigated but it relies on a very solid understanding of the behaviour of FM on all levels, not just the security level. Every new and changed FM feature behaviour bears the risk of blasting a hole in the ersatz model.”

Exactly my point in providing the information I did in the PDF link. I look forward to your feedback on it!

=================================================================
December 1, 2015 at 12:23 AM by Taylor Sharpe

David Jondreau wrote: “Taylor, you've made some changes to the server since this afternoon. That's the first step.” To answer the original challenge: The easiest answer is simply to use ExecuteSQL() in the data viewer. Using one statement to grab the table schema, and another to grab all the values. Even with the custom dialog, the data will show up on hover.

https://community.filemaker.com/servlet/JiveServlet/downloadImage/105-9602-19267/Screen+Shot+2015-11-30+at+1.51.48+PM.png

The only change I made was with the easy way you can use a TO in another solution to see data in the original solution if you have the same User ID/password and that had already been provided. So all we did was change the File Access security so you can't add a table from another solution without Full Access.

David... good example of how ExecuteSQL can be used to view things in the data viewer and it does give you access to schema. That lets you read data, but doesn't let you change it and not sure how this would be used to stop the Persistent ID verification. But clearly that is something that in the security world you don't want done.
I guess this is why Tim Dietrich's system had an intermediary user ID log in for the Persistent ID verification and that User ID had very limited table access and only to verify the Persistent ID and connect with a User and their Email. You would be in the solution as Wim notes, but not at your normal User ID access level. And upon verification, have a re-login with your normal User credentials. And that would be a better solution. Thanks for the thoughtful input.

=================================================================
December 1, 2015 at 1:03 AM by David Jondreau

Hmmm...You've made other changes to your server. Not to that file per se...but I'll save that for a private message.

Point is I can see all the data that user has access to. I can't change it. But I can easily view any data. And that took less than a minute. There are other points about how to change data that I'll put in a private message as well.

=================================================================
December 1, 2015 at 2:51 AM by David Jondreau

And here's my entry...

=================================================================
December 1, 2015 at 9:06 AM by Taylor Sharpe

Impressive David to see the Persistent ID script hack. I'm more interested in this hack than the File Access one since I already knew about it. But you got through with File Access turned off. Kudos.

=================================================================
December 1, 2015 at 9:12 AM by Josh Ormond

Any time the privilege set allows the user to be able to edit the data, any of the external APIs will allow the user to edit the data. Even with this item fixed, the user can still view the data and extract it.

The strongest security in FM is FM's own privilege sets. As the conversation with Matt and Wim brings out, there are ways to MOSTLY secure the file. However, one needs to be aware of the risk and then decide through a risk assessment if it's worth it to take on that risk by using an ersatz model.
It's difficult to claim that an ersatz model "increases" security. Because there are too many variables in a solution to claim that. If it's a workflow you want to include, that's one thing. Touting it as a security model, well, that makes me uneasy.

=================================================================
December 1, 2015 at 5:26 PM by Taylor Sharpe

+1 Josh

=================================================================
December 4, 2015 at 12:18 AM by Josh Ormond

I read a very funny post today. Truth, but funny.

http://fmforums.com/topic/98626-password-to-continue-script/#comment-448504

Here is the part of the post that touched me funny.

Kris M wrote: “Implementing a security feature using scripts and stored credentials is problematic. It's like whack-a-mole to cover all the potential threat vectors.”
    2 points
  9. Our recent Engage presentation of the new 19.6 transactional script steps purposefully focused on the topic of error handling, because once you’ve put the transactional “bookends” in your script, your focus immediately turns to errors: handling, throwing, and passing them back to calling scripts or processes. The Contract When you add Set Error Capture On […] The post Set Error Capture On. Now What? appeared first on Proof+Geist. View the full article
    1 point
  10. Dear Friends, I’m very proud to officially announce the launch of Ottomatic Cloud Console, OttoFMS, and OttoDeploy! We built Ottomatic because we needed a world-class infrastructure and cloud platform to support our modern FileMaker work. We couldn’t find an existing hosting offering that fit our vision for professional FileMaker development practices, so we built our […] The post Ottomatic Cloud Console and more… Launch announcements! appeared first on Proof+Geist. View the full article
    1 point
  11. Proof+Geist is excited to participate in Claris Engage 2024, where our eight speakers will lead sessions covering foundational FM techniques and dig into exploratory topics. We can’t wait to share our tips, tricks, and techniques with you! Advanced modern Claris FileMaker transactions Barbara Cooney & Alo Torres-Navarro Whether you have implemented a transactional framework or […] The post Proof+Geist speakers and sessions at Claris Engage 2024 appeared first on Proof+Geist. View the full article
    1 point
  12. UPS not only delivers your packages with quality, but they also offer an API to streamline any shipping needs that you may have for your company or application. With their API integrated into your FileMaker software, you can validate addresses, check shipping costs, compare delivery services and rates, print labels, track packages, and much more in one consolidated package. Includes a video and sample file. Read the full article here.
    1 point
  13. Peter Nelson, Claris Vice President of Engineering Andrew LeCates, Claris Director of Platform Evangelism Martha Zink, The Context Podcast Host & Proof+Geist Director of Marketing Ernest Koe, Proof+Geist Co-Founder/CEO Todd Geist, Proof+Geist Co-Founder/CTO On April 26, 2022, Claris hosted a webinar on the future of their technology and platform. In this episode of The Context Podcast, Martha, Ernest, and Todd are joined by special guests Peter Nelson and Andrew LeCates from Claris. They focused on their upcoming offering, Claris Studio, […] The post The Context Podcast: The Evolving Claris Platform appeared first on Proof+Geist (formerly Geist Interactive). View the full article
    1 point
  14. When first using FileMaker's Filter Portal Records feature it's easy to get excited about how you can limit the set of records to exactly what the user needs to see. You start adding a single filter and the result feels like magic. A simple search filter using a global field will let you extract exactly the records you want. It's great! However, when you start adding more and more filters things start to get complicated really fast. You have to become super comfortable with creating complex calculations with a lot of Boolean logic. If you don't know how to use your AND and OR operators, then it can really seem daunting. In this video we take a detailed look at how to break down a complex multi-filter approach and make it seem really easy to achieve some super advanced portal filtering. If you've ever been confused about making your portals show exactly what the user needs, especially when using multiple filtering vectors, then enjoy the understanding you'll receive from watching this video. Click the title or link to this article to view the video. View the full article
    1 point
  15. Hi all. I've written a new article at FileMaker Weetbicks entitled Powerful Pivot Table Presetting. In this article we take a look at pivot tables, their use, and their integration into FileMaker through using the PivotTable.js library. We look at others who have pioneered this integration before, and then extend on those by building in saving and loading of presets. This opens up a world of possibility for your end users who can now build and save their own pivot table configurations. Click to read the full article along with a lovingly crafted example file you can download. Thanks for reading! Daniel
    1 point
  16. Demo file: sql-join-fun-etc.zip requires FM 18 or later. Recently I was asked to create a mini-report combining data from a pair of related tables via ExecuteSQL. This provided an opportunity to think about SQL joins, and also to come up with a way to apply currency formatting to dollar amounts in the SQL query result,… Continue reading Fun with SQL Joins and Currency Formatting View the full article
    1 point
  17. Learn how to create Custom Button Icons in FileMaker! FileMaker 14 comes pre-loaded with 140 useful glyphs, learn how to expand your collection! https://www.dbservices.com/articles/filemaker-custom-button-icons/ dbservices.com
    1 point
  18. The Microsoft OneDrive API can allow you to edit files without downloading and re-uploading to FileMaker. Integrate FileMaker with Microsoft OneDrive to store documents in the cloud and improve sharing while keeping your database lean and mean. Be sure to check out the full article: https://dbservices.com/articles/filemaker-onedrive-integration/ Includes free sample database and tutorial video dbservices.com
    1 point
  19. We at Geist Interactive have released a new podcast (well new in the last eight weeks): The Context Podcast. Our podcast is focused on higher-level discussions of the FileMaker platform. We discuss (and embrace) innovation and technology inside and outside of FileMaker. We talk with guests from all around the community about their thoughts on whatever topic is on deck. We also try to ask the guest their thoughts on the context of certain techniques we use in our projects.

So far we've released the following episodes:

- All About the Context: @Todd Geist and @Jeremy B
- All About join::table: with the folks from join::table (the titles get a bit better from this point forward)
- FileMaker Milestones and Person Connections: @Todd Geist @Wim Decorte
- The Security Talk: @Josh Ormond
- The Context of JavaScript and its Future: Carson Lind
- A Talk with Women Innovating Together
- FMPerception and FMComparison with @Dave Ramsey
- What do Users Care About with @bigtom

Check these out. Subscribe to the podcast on Apple Podcasts or wherever you get your podcasts. And we'd appreciate a review. Let us know how it sounds and what you think of the discussions and guests and host.

FINALLY: If you are interested in joining us for an episode and talk about something you're doing in FileMaker, let @Jeremy B know here or at [email protected]
    1 point
  20. Hi all,

Today I'm happy to announce the release of Elemental for FileMaker. This is a free fully unlocked solution containing some cool user interface and design stuff that I hope you find useful and can incorporate into your own solutions. You can grab a copy now at https://www.elemental-fm.com

In Elemental's first version you'll find the following:

Avatars
Over 20 API integrations with avatar generators. These are uniquely generated based on a name you provide so you are guaranteed almost a unique avatar in each instance. Great if you want to add a bit of imagery to your contact lists or any other lists of records. Heaps of customisation and options to choose from. Integration is simple, just copy and paste the relevant script into your own solution and hook it up to your own container field where you want the image to be stored.

Placeholders
Much like avatars, placeholders are dummy image services of various types where you can auto generate a placeholder image. This is great if you need some sample imagery for things like products or inventory, or to indicate the desired size of an image to be inserted.

Icons
Need an SVG icon for your button bar? We have over 7,000 icons to choose from, all have been modified and are FileMaker ready.

Animations
Animations add a bit of life to your FileMaker solution. We have both GIF and SVG animations (using SMIL). GIF is for all around compatibility, and SVG's are if your computer can handle it (most macs can, windows maybe!) Really cool if you want to show something while a script is running to keep the user entertained, sometimes it's the small things that make a difference to user experience.

Gradients
Browse over 300 different gradient swatches to get inspired and use the colors provided to build your own in FileMaker.

Other cool stuff
The solution is unlocked so you can explore the layouts and find out how it all works.
You might also uncover some hidden gems in there such as html5 color pickers, double range sliders and SVG to PNG conversion, all without plugins.

I really hope you enjoy Elemental and find something useful in it which you can use in your own solutions you build. Elemental will always remain free but if you would like to say thank you with a donation then you can do so on the website. This helps to ensure continued development of Elemental in future.
    1 point
  21. WidgetStudio makes it easy to use, design and share powerful interface widgets, like calendars, gauges, charts, and timers. Pick from the constantly growing set of included widgets or build your own. Freely share them with your customers or friends. The post Announcing WidgetStudio – FileMaker WebViewer Widgets appeared first on Geist Interactive. View the full article
    1 point
  22. The FileMaker Web Viewer Bridge raises our interaction between FileMaker and JavaScript to the next level. Let’s take a high-level view of this framework. Working with the web viewer, stage one In all the work I’ve done so far with JavaScript and FileMaker, I’ve followed one setup. The JavaScript libraries, functions, the CSS, and the […] The post The FileMaker Web Viewer Bridge appeared first on Geist Interactive. View the full article
    1 point
  23. The face of computing and data access has changed enormously over the past decade. In an always-on, connect-from-anywhere, mobile-device-driven world, the network perimeter has disappeared. With that disappearance has come a variety of new security and business process challenges to the Confidentiality, Integrity, Availability, and Resilience of organization digital assets. Coupled with growing regulatory strictures, business reputation management requirements, and customer or client trust, modern day information management challenges have multiplied. Verification of authenticity of users who seek to access these assets is now the major information security challenge. Federated Identity Management is one of the most important concepts in modern Information Security Services. What is it, and how do developers and administrators implement it? What problems does it solve? How does it relate to the FileMaker Platform? A new White Paper discusses this and the related concept of Zero Trust Security, something very important to the future of the FileMaker Platform in my view. You can download the White Paper here: https://fmforums.com/files/file/105-federated-identity-management-zero-trust-and-the-filemaker-platform/ Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance
    1 point
  24. The new FileMaker default fields feature in the latest release of the platform makes our development that much easier. Let's consider their effective use. The post Common Questions: FileMaker Default Fields appeared first on Geist Interactive. View the full article
    1 point
  25. Acknowledgement: As always a huge thank you to Bruce Robertson, for inventing virtual list, and for many other contributions to the FM community over the years. Introduction As a follow up to my recent “Virtual List on Steroids” presentations at DIG-FM and dotFMP, today I want to take a fresh look at using JSON arrays […] View the full article
    1 point
  26. Editor is THE rich-text editing tool for FileMaker. It is familiar for users and flexible for developers. Editor provides a full-suite of text-formatting tools for writing projects such as notes and blog posts. The formatting is saved, and can be retrieved for further editing. Editor is the best way to provide formatted text for FileMaker. The post Editor: The Rich-Text Editor Add-On For FileMaker appeared first on Geist Interactive. View the full article
    1 point
  27. Last week, the Adatasol FileMaker Podcast, hosted by Dan Weiss of Adatasol interviewed Todd. He spoke about Geist Interactive: our history, where we are, and things we love. The post Todd Geist on the Adatasol Podcast appeared first on Geist Interactive. View the full article
    1 point
  28. The FileMaker Script Debugger is powerful. Its features are often overlooked. In this post we examine the buttons that control stepping through a script. The post Like a Boss: Using the Script Debugger to its Full Potential appeared first on Geist Interactive. View the full article
    1 point
  29. Steven Blackwell almost always starts a phone call with "greetings and salutations" and often ends with another famous quote, "keep the faith". I've never asked what he means but I'm pretty sure it's not religious. Steven Blackwell loves the FileMaker platform and he likes other people who feel the same as he does. Keeping the faith is just trusting in the FileMaker platform. I'm also pretty sure he didn't start using this quote when he started developing FileMaker solutions. It's just how he sees everything in life. When he believes in something, he gives it his all. I appreciate that about him so much. But, let me introduce you to him first since you may not know him as well as I do. View the full article
    1 point
  30. This month at the Atlanta FileMaker Developers Group meeting we covered some topics we learned about at DevCon this year. View the full article
    1 point
  31. If you’re a dev, you are a power user. Below are 7 digital tools that are indispensable, and not necessarily for coding. I don’t know if they share any common characteristics, except that when I don’t have access to them, I grunt in frustration.

Nanny / LeechBlock / WasteNoTime

Distraction is a huge productivity killer. For me, it’s the #1 issue in ‘getting things done’. I’m an info junkie and I have low self control. Me, making a living at a computer, is like being a recovering alcoholic and working at a bar. Except I’m not Sam Malone. I’m not even close. Buying a box of cookies and just ‘not eating’ them doesn’t work. What does work is not buying those cookies in the first place. That’s harder to do when working in a cookies factory.

I love to read about a wide range of topics…current events, personal finance, urban planning. So, I’ve got to lock myself away from Facebook, reddit, twitter, washingtonpost.com, wsj, vox, 538, slatestarcodex, Mr Money Mustache, Bogleheads…well, you get the idea. But having access to those during work hours is majorly counterproductive.

The solution? Browser add ons. I use one on each of my three browsers (Chrome, Firefox, Safari). These little utilities block access to sites of my choosing during certain hours. Very configurable, they lock away the liquor until it’s after hours.

JumpCut

JumpCut is a handy little utility that keeps track of your clipboard history. It ‘buffers’ your clips, keeping a history of up to 99 items that you can access and paste. Say I want to copy and paste four separate items, pieces of code, from a website to a Data Viewer. By default, that process is: copy, navigate to the Data Viewer, paste, navigate back to the website, repeat 3 more times. With JumpCut, it’s copy, copy, copy, copy, navigate to the Data Viewer, paste, paste, paste, paste. It’s one of those things you *have* to try. I’ve configured JumpCut so cmd-shift-V brings up the clipboard popover, then arrow keys move through my history.
I use this shortcut at least 10 times every hour, every single day.

Boomerang

Boomerang is an app that integrates with Gmail and does two very cool and very different things: schedule emails and bounce emails back.

Scheduling e-mails is great. I use it in two situations. If I’m emailing at 2 in the morning and I want to reply to a client, but I don’t want to look like a workaholic nutjob, I use Boomerang to actually send the e-mail at 7:30am instead, looking like an industrious, early rising professional. The other situation deals with that feeling when you hit ‘send’ and you think ‘Oh, crud, that wasn’t right’. Gmail has a great ‘Undo’ feature. Start with that. But the max time is 30 seconds. If I’m sending an email and I’m not sure if my choices around tone or content are the best, but I need to move on, I will schedule to send it in 30 minutes, allowing me to ‘let go’ but leaving open the option of revisiting it if I realize I should have rewritten.

Your smile when you use boomerang

Bouncing e-mails back is super helpful. I’m a fan of Merlin Mann’s Inbox Zero. I use my inbox as a To Do list. If it’s in there, I need to deal with it. *For the record, at the moment my inbox has 12 emails, and I never let it get above 50. Some tasks, however, need to come back on my to do list. For example, I’ve got to get credentials from a client in order to work on their solution. I’ve emailed them but got an autoresponse that they’re away for 3 days. I don’t want that task sitting on my to do list, because I’m waiting on someone else. So I set the email to “Boomerang” in 4 days. The email will leave my inbox and pop up again in 4 days if I don’t already receive a response from the client. Brilliant!

MonkeyBread Solutions

MBS has produced the Amazonian rainforest of FileMaker plug-ins. With over 4,500 different functions, it’s an entire ecosystem, packed to the brim with medicinal plants. It’s well worth the $149 price.
More awesomely, there are two incredibly useful developer tools built into the free demo version: the ability to search scripts and the ability to search the relationship graph. Install it, you won’t know how you lived without it.

LastPass or any password manager

If you’re not using a password manager, you’re being unprofessional. LastPass is the one I use. I haven’t tried KeePass or OnePass or any of the others, I’m sure they’re fine. Pick one and use it. Use a super secure master password (try the Correct Battery Horse Staple method with some of your own modifications), then let your encrypted password store of choice do the rest. I’ve got about 600 entries in my LastPass account, so “the rest” covers a lot of ground. I don’t use the un-encrypted EverNote; no, I use LastPass. With it I:

- Generate random 16+ character passwords.
- Update all my sites so I’m not using the same P455w0rD on each.
- Create random 6 letter pronounceable passwords to use as the answers to security questions.
- Store credit card numbers, including the CVV code.
- Store configuration details for FM Servers.
- Attach a copy of SSL files to my client’s ‘note’.
- Store the VIN of my car.
- Store the make and model of my lawnmower.

Mint.com

Like most of humanity, financial security is important to me. One of the cornerstones to financial understanding is creating a budget. Whether you think budgets are prescriptive or descriptive, you should see where your money is going. Mint collates all your financial data in one place and allows you to assign income and expenses to categories you define. I have been using Mint since 2007. I check it at least twice a week, sometimes more.

f.lux

The human brain is a complex organ. There’s growing evidence that using a screen before bed can interfere with sleep, in large part because the screen emits blue light. f.lux adjusts the color temperature of your screen based on the time of day so that at night, your screen shifts red, encouraging better sleep.
Now, you shouldn’t be using a screen in bed, but if you’re using it at night, use f.lux.

I recommend all of these tools without reservation. Not that they’re perfect by any means, but they are indispensable.

View the full article
    1 point
  32. Looking for instructions for Windows? Click here!

Let’s Encrypt is a non-profit certificate authority with the mission of spreading the SSL love across the internet. Though they’re not officially supported, we can use Let’s Encrypt to get free SSL certificates to use with FileMaker Server. We will use a Bash script and a LaunchDaemon to retrieve and automatically renew SSL certificates through Let’s Encrypt to make sure our connections to FileMaker Server are secure. With this, there’s no reason anyone should have an invalid SSL certificate on their FileMaker Server deployment!

Requirements:

- FileMaker Server deployed on a Mac server – Tested with OSX 10.11 but may work with other versions.
- The “FileMaker Database Server Website” page must be reachable through the public internet using a web browser at the address you wish to get an SSL certificate for, such as http://myserver.mycompany.com. This means opening or forwarding port 80 in your router, firewall, or security groups. We use the Let’s Encrypt HTTP verification challenge, so we must make sure that Let’s Encrypt is able to reach our FileMaker server through HTTP.

Warning: FileMaker does not list Let’s Encrypt as a supported SSL vendor and usually alerts the community that non-supported SSL vendors’ certificates won’t be able to be validated by FileMaker Pro and Go. I believe we’ve solved this issue with this solution. We’ve had no problems with validating these SSL certificates with FileMaker Pro 13-16 but of course can’t make any guarantees. FileMaker Go 15/16 also seem to validate everything correctly, though FileMaker Go 14 can’t connect. Please post in the comments section below if you have any issues using these SSL certificates. This is an experimental script and procedure. Please proceed with the use of this Bash script and Let’s Encrypt SSL certificates at your own risk.
Here’s a summary of what we’re going to need to do:

- Install Homebrew
- Install Certbot
- Edit the GetSSL.sh file
- Run the Bash script
- Change the FileMaker Server SSL Connections settings
- Set up a schedule to renew the SSL certificate

1. Download the GetSSL.sh Bash script

First, you’ll need a copy of the GetSSL Bash script. Download the file using the link below and save it on your server where you’ll want to get the SSL certificate.

Warning: This is an experimental script and procedure, and SSL certificates from Let’s Encrypt are not officially supported by FileMaker, Inc. Please download and use this script with the understanding that it comes with no guarantees or warranties, and that you are doing so at your own risk. Neither Blue Feather, Let’s Encrypt, nor anyone else is responsible for what happens to your server or systems when using this script.

Download the GetSSL Bash script

2. Install Homebrew

Homebrew is a package manager for Mac. It’s used to install tools and applications for your system. You can read more about Homebrew at the Homebrew website. We’re going to follow the instructions on there to install Homebrew on our Mac server. Run the following command in Terminal:

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

3. Edit the GetSSL.sh file

The script file needs to be edited so that it knows the address you wish to get an SSL certificate for. Open the script in a text editor like TextEdit, TextWrangler, Sublime Text, or through Terminal using an editor like Vim. Change the address, email address, and (if necessary) the FileMaker Server install path variables to reflect your server’s information and your contact information. Let’s Encrypt will use this contact information to reach out to you if there is a problem with the SSL certificate that they have issued to you.

4. Run the Bash Script

WARNING: Running this Bash script will safely restart your FileMaker Server service, abruptly disconnecting any active users. Make sure that nobody is connected to your server before you run this script.

With Certbot installed, we’re now ready to run the Bash script. Make sure nobody is connected or using your FileMaker server and then run the GetSSL.sh Bash script by navigating to the directory you have it copied to in your Terminal window and entering:

    sudo ./GetSSL.sh

A bunch of text will scroll by in the Terminal window as the script requests, fetches, and installs your SSL certificate. Your FileMaker Server service will then be stopped and started again automatically. Your SSL certificate should now be installed! Go to your FileMaker Server admin console to make sure you’re seeing the new SSL certificate. You may need to close and re-open your browser if you had the page open already.

5. Change the FileMaker Server SSL Connections settings

The SSL certificate is installed, but we want to force FileMaker Pro and Go clients to connect securely to our server. Log in to your newly secured FileMaker Server admin console. Select the Database Server options from the list on the left and then the Security tab at the top of the page. Check the “Use SSL for database connections” option (as well as “Use SSL for progressive downloading” if you would like) to force FileMaker Pro and Go clients to use a secure connection when connecting to this server. Save your changes and then restart your whole FileMaker Server machine or just the FileMaker Server background service. Your FileMaker Pro clients should now show the green lock icon when logging in to this server, indicating that the connection is secure.

8. Set up a schedule to renew the SSL certificate

SSL Certificates from Let’s Encrypt are only valid for 90 days and must be renewed before that time. Let’s Encrypt does this purposefully to encourage automation and increase security.
In that spirit, we should set up an automatic renewal for our SSL certificates so that we don’t need to manually re-run this every couple of months. This process is similar to setting up a scheduled script in FileMaker Server.

Move the GetSSL.sh file to a relatively permanent location on your server. An example place for this might be /usr/local/bin/.

You’ll need to create a LaunchDaemon schedule to run the script at the dates and times you want to do it. A LaunchDaemon will run your scheduled program or task at the dates and times, or at the interval, that you specify. These certificates are good for 90 days at a time, and the Certbot tool we’re using will only renew them once they’re at least 30 days out from renewal. You will want to create a .plist file to schedule this in a way which makes the most sense for you. You can have it run once per week, for example, and it will renew your certificate when it becomes eligible for renewal. (It will still restart your FM Server at your scheduled time, even if there isn’t a new certificate – I’d like to update this in the future to only restart if there’s a new certificate.)

You can use the example .plist file available at the download link below. You can download and edit this example file to run your GetSSL.sh script at the location you stored it at and on the days you want. This example one is scheduled to run once per week, on Saturdays at 6:21 pm. You can read more about writing your own LaunchDaemons from the Apple Developer site.

Download example .plist

As an alternative, there’s a great app called Lingon X which gives you a really nice GUI for creating, editing, and installing LaunchDaemons. A demo is available, and a single-user license is $9.99, which may be worthwhile as it makes creating and scheduling LaunchDaemons very easy.

Once you’ve finished setting your schedule, place your .plist file in /Library/LaunchDaemons/.
With your LaunchDaemon installed you can tell your server to start the schedule by (substituting your .plist file name and then) running:

sudo launchctl load /Library/LaunchDaemons/my-script.plist

Done! That’s all that you need to do! Your script should run automatically at your scheduled time to renew your SSL certificate with Let’s Encrypt. Do a test to make sure that it’s all working properly, that it gets a new certificate for you, and that your FileMaker Server service restarts after it has retrieved the certificate. If there is an issue, you may want to run the script manually in PowerShell or debug with the PowerShell ISE to locate any issues. Keep in mind that your FileMaker Server service will be restarted after getting the new SSL certificate, so be sure to schedule it for a time when people will not be active in your system.

This is an early version of this script and there is quite surely room for improvement. Please let me know if you have any suggestions or run into any issues using this scripting. Let’s make the FileMaker community a secure one! View the full article
    1 point
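The renewal schedule described in the entry above, as an added example that is not the article's downloadable .plist: it writes a LaunchDaemon for the Saturday 6:21 pm run and checks that the files launchd will execute as root cannot be modified by other accounts. The label `com.example.getssl-renew`, the log path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's downloadable .plist. The label, log path and
# function names are assumptions made for illustration.

# write_renewal_plist <absolute script path> <plist output path> [label]
# Schedule matches the article's example: Saturdays at 6:21 pm
# (launchd Weekday 6 = Saturday, Hour 18, Minute 21).
write_renewal_plist() {
    script_path=$1
    plist_path=$2
    label=${3:-com.example.getssl-renew}    # hypothetical label

    # Use a full path so the job does not depend on launchd's minimal PATH
    # or on a working directory.
    case $script_path in
        /*) ;;
        *) echo "script path must be absolute: $script_path" >&2; return 1 ;;
    esac
    # The values are pasted into XML below, so refuse markup characters outright.
    case $script_path$label in
        *"<"*|*">"*|*"&"*) echo "unsupported character in path or label" >&2; return 1 ;;
    esac

    # The subshell keeps the umask change local; the plist ends up mode 644.
    (
        umask 022
        cat > "$plist_path" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$label</string>
    <key>ProgramArguments</key>
    <array>
        <string>$script_path</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Weekday</key>
        <integer>6</integer>
        <key>Hour</key>
        <integer>18</integer>
        <key>Minute</key>
        <integer>21</integer>
    </dict>
    <key>StandardErrorPath</key>
    <string>/var/log/getssl-renew.log</string>
</dict>
</plist>
EOF
    )
}

# _path_is_safe <path> <owner>: owned by <owner>, not group- or world-writable.
_path_is_safe() {
    [ -e "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ -n "$(find "$1" -prune -user "$2")" ] || {
        echo "not owned by $2: $1" >&2; return 1; }
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ] || {
        echo "group- or world-writable: $1" >&2; return 1; }
}

# audit_root_job <path> [owner]
# A LaunchDaemon runs as root, so anyone who can edit the script, the plist, or
# replace either file through a writable parent directory effectively gets root.
# The owner defaults to root; it is a parameter only so the check can be tried
# on scratch files.
audit_root_job() {
    _path_is_safe "$1" "${2:-root}" &&
        _path_is_safe "$(dirname "$1")" "${2:-root}"
}
```

Run `audit_root_job` against both GetSSL.sh and the installed .plist before `launchctl load`; launchd itself rejects a daemon plist with loose ownership or permissions, but it does not check the script the plist points at.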
  33. Got Rentals? Finally, the Ultimate Rental-Tracking Software Solution for the Equipment Rental Industry! Pre-made? Custom? Or SaaS? It’s a never-ending battle of pros and cons when trying to find apps that will make your rental business run smoother while giving you the best bang for the buck. Pre-made? Tempting. It costs less up front but choosing this one-size-fits-all solution may leave you addled with useless features and not enough functionality. Custom? Seems costly but will definitely meet your needs. With SaaS (software-as-a-service), you remain at the mercy of your vendor for feature upgrades, and as fees add up over the years you may find you could have paid for a custom-fit solution instead! Luckily, when it comes to rental business software applications, there’s another way … eXcelisys has released a new eX-File, the eX-RentalTracker — a FileMaker Pro jump-start solution for the equipment rental industry. The app tracks inventory, bookings, returns, customer contacts, invoices and payments and includes an availability calendar. Because the basics are already there, customization is quick and easy. The eX-RentalTracker is the best of both worlds, offering clients a software solution that’s part ready-made and part custom. “After working with multiple customers constructing tailor-made rental tracking solutions for their businesses, we decided to build a jump-start solution for the masses,” said Doug West, eXcelisys VP for product development. “The eX-RentalTracker comes pre-built with many of the standard features our rental business clients have been requesting.” The eX-RentalTracker is for rental businesses who’ve found out-of-the-box software solutions too clunky and custom-built systems too expensive. The eX-RentalTracker can be used on a desktop PC (Mac/Windows) with certain task-based functions available on iPads. 
See the eX-RentalTracker in Action Today Businesses interested in the eX-RentalTracker can request a FREE demo copy via the eXcelisys website. After receiving the eX-RentalTracker demo, you can tool around in the app to see how easy and intuitive it is to use. You won’t need a tutorial to figure out how the eX-RentalTracker works because the tabbed interface makes navigation a cinch. Check out the “home” screen, which includes “Quick Tasks” tabs that provide rapid access to the tasks most frequently used in rental app solutions. The eX-RentalTracker simplifies daily processes. Features include: Kitting (allows multiple items to be packaged in a single rental kit) Barcodes/handheld scanners (for quick check-out/check-in) Instant invoicing (no more entering long strings of product numbers) Equipment tracking (prompts users to select the condition of returned items at check-in so broken inventory doesn’t get placed back on the shelf) Availability calendar prevents overbooking. The “Quick Tasks” tabs on the home page offer quick access to many everyday tasks, such as adding a customer, a product, a PO, a vendor or an order. Track the history of each item — know where it’s been and the condition in which it was returned. eX-File FileMaker Pro Templates Save Tons of Time & Money eXcelisys has been designing jump-start FileMaker Pro template solutions since 2004 when the first edition of the FileMaker Pro BizTracker was released. Since then, the BizTracker (for sales-driven businesses) has evolved into a full lineup of eX-File solutions, including the eX-TruckingTracker (which tracks trips, mileage, and expenses) and the eX-EvalTracker (used to archive employee performance). The eX-BizTracker has been a popular and steady jumping-off point for countless eXcelisys customers requesting software development. 
Ever proactive, eXcelisys developers modified the tried-and-true eX-BizTracker to create the eX-RentalTracker by adding features and functionality common to and frequently requested in the rental industry. Recently, Birnn Chocolates of Vermont contracted with eXcelisys for a biz-tracking solution. After four generations and 101 years in business, Birnn Chocolates was ready to join the 21st century with a software upgrade to smooth daily operations. Owner Mel Fields had been using a hodgepodge of paper record-keeping, Excel spreadsheets and Google documents to keep the truffles flowing. Fields needed an up-to-date system to manage the production process, ensure order fulfillment and track the ingredients and finished goods for FDA compliance. Instead of starting from scratch — like he does with his truffles — Fields started the process using the eX-BizTracker as a foundation for his business solution. During his hands-on experience with the eX-BizTracker demo, Fields discovered that many of the features he needed were already built into the software. “Being able to demo was essential for being able to pull the trigger and make the decision,” said Fields. Utilizing the pre-built mock-up allowed Fields to zero in quickly on modifications needed to make the software fit his unique business needs. Fields is still awaiting his software solution as eXcelisys developers finish tweaking the eX-BizTracker build. Fields is certain he’s getting a great deal. “We spent some hours taking away features, but in the grand scheme of things, I’m quite sure we got a lot more for the money by starting with BizTracker.” Like Birnn Chocolates, Cinema Camera Rentals recently came to eXcelisys seeking a custom inventory management app and used the eXcelisys BizTracker5 as the foundational template. “This approach helped me the most from a time standpoint,” said Cinema Camera rental manager Matt Stemmley. 
“Instead of dedicating the energy to figure out how I wanted the system to be laid out, I instead hit the ground running on envisioning functionality.” Stemmley advises business owners to take advantage of the eX-RentalTracker. “Future customers of eXcelisys in any sort of rental capacity will ideally be able to start with the eX-RentalTracker base and add features as they see fit.” Stemmley says he “highly recommends” the eX-RentalTracker to anyone considering a rental app based on the FileMaker Pro platform. “In my opinion, it will save them countless hours that could be dedicated to other areas of design and functionality.” Demo the eX-RentalTracker today. Like Birnn Chocolates, discover how pre-built FileMaker Pro templates can sweeten the deal in the search for the right and perfect software solution for your equipment rental business. To request the eX-RentalTracker demo, click here. To read about the Cinema Camera rental-tracking solution, click here. To read about another eXcelisys-built rental-tracking solution, click here.
    1 point
  34. Protecting FileMaker Platform Business Solutions FileMaker Platform developers and FileMaker Server Administrators, as well as business data owners, need to take a variety of steps to protect the Confidentiality, Integrity, Availability, and Resilience (CIAR) of their FileMaker Platform Business Solutions. Threat Agents of many varieties seek to exploit vulnerabilities that might exist in those solutions to compromise them, to steal data, to alter data, or to destroy data. This FileMaker Security BLOG article will describe four key steps that developers and administrators can take to protect their files. Before listing those however, I want to describe an important caveat about such an approach to FileMaker platform security. Security is never a case of “One and Done.” It is not a check list of things to do to files, and then they are and will remain secure. Business circumstances change. We discover new vulnerabilities. Threat Agents perfect new attacks, some possibly exploiting so-called Zero Day vulnerabilities. Security is an on-going process in a constant state of flux. Maintaining security for business solutions requires constant monitoring and evaluation. All that said, however, here are four important considerations. All employ tools that the FileMaker platform already gives us to help protect our files. First. Use Granular Access Privileges. The FileMaker security schema allows for very specific privileges as well as for very broad ones. For best protection and control, set the privileges and permissions for each Privilege Set very carefully. For each business role, give the users in that role all the privileges they need for them to accomplish their business requirements. But do not give them any added privileges. This is called the Rule of Least Privileges, and it is fundamental to having correct security for your files. 
This process may take a bit of work, and it requires you to know and to understand what users are supposed to be doing—and not doing—in the file. To do this you also need to know what permissions are on and which are off by default in each Privilege Set. When a developer creates a new Privilege Set in a file, most privilege bits are off or at their most restrictive settings by default. This is correct behavior and is consistent with the Rule of Least Privileges. One of the things a developer wants to achieve in working with the security schema is to prevent an otherwise authorized user from escalating his or her privileges and gaining a level of access above the prescribed one. To that end, developers should most likely avoid in almost all situations the use of the two default subordinate level Privilege Sets: [Data Entry Only] and [Read-Only Access]. Both these contain privileges in excess of what their names suggest. If you plan to use them, carefully review the actual privileges they grant to see if those are consistent with your security model. Second. Invoke Encryption at Rest (EAR) on your files. This is a particularly important step; likewise, EAR offers particularly good protection, provided you use a strong encryption password. FileMaker Pro will tell you the strength of the password: Weak, Moderate, or Strong. If someone gains access to a copy of your files by any of several attack vectors, EAR prevents their forcing the file open or employing any of the so-called “password crackers” on them. Unauthorized possession of copies of files, including backup copies, is a particularly strong attack vector. It is also an attack vector that Threat Agents frequently employ. Third. Use File Access Protection to block manipulation of your files by other FileMaker Pro files you do not control. File Access Protection prevents unauthorized persons from pointing their files at yours and extracting, viewing, or manipulating information. 
An important part of effective file protection is understanding how external Application Program Interfaces (API’s) can access your FileMaker Pro business solutions and then how to control that access. This includes layout access, file metadata, and the business logic found in scripts. [You can read more about this topic here: http://fmforums.com/blogs/entry/1535-the-filemaker-platform-api’s-are-your-friends-right/] Some of these elements respond to fine-grain permission controls in the Privilege Set. Others do not; hence, developers should utilize File Access Protection. Additionally it can assist in preventing users who are otherwise authorized a particular level of permissions from escalating those permissions and privileges in the file. Escalation of privileges is a key vulnerability we must try to prevent in all instances. Fourth. Utilize Encryption in Transit to protect your data while they are in motion between FileMaker Server and a variety of FileMaker Platform clients such as WebDirect™, FileMaker GO, and FileMaker Pro. This is particularly important when users are accessing FileMaker Platform Business Solutions by public Wi-Fi networks such as those found in coffee shops, hotels, conference centers, malls, airports, and similar venues. For that matter it is also important when the only access is across a Local Area Network (LAN) behind a closed firewall. Just one single rogue wireless access point on that LAN can compromise it. Additionally anyone with access to the LAN could also intercept data in transit. Encryption in Transit also helps verify the identity of the FileMaker Server and helps prevent man-in-the-middle attacks where a Threat Agent could impersonate your FileMaker Server. 
I have described four FileMaker Platform security tools that developers and administrators can use to protect FileMaker Platform business solutions: Granular Access Privileges, Encryption at Rest, File Access Protection, and Encryption in Transit. I have attached a schematic that can serve as a reminder about these features. Remember when using these, that security is dynamic and on-going. It is never a “One and Done” scenario. The FileMaker Platform provides these tools. A number of people have done a very considerable amount of work over the years to add these to the FileMaker Platform. I strongly recommend their use.
    1 point
  35. REST (Representational state transfer) has quickly become the de facto standard for communication between services and apps. Before it, came SOAP and XMLRPC, but the two buzzwords you’ll hear over and over these days are REST and JSON. When it comes to FileMaker, you’ve always been able to do super basic REST with the Insert from URL script step. Later down the road, FileMaker added in support for the POST method of service interaction with the httpspost:// url scheme. While the basics are always nice to have, you can’t do much beyond access public services with what FileMaker provides natively. If you’re ever going to work with a truly powerful API such as those offered by YouTube, Facebook, Twitter, Google Apps and Vimeo, then you have to use something a bit more powerful. Fortunately, for FileMaker developers, we have a number of possibilities. One of those options is the freely available BaseElements plugin. The plugin can access pretty much any web service and will allow you to perform the full suite of possible interactions. It uses the very popular cURL library behind the scenes and with a little bit of knowledge, you’ll be interacting with web services in no time. If you have the need for integrating true REST client functionality within a FileMaker solution, then you’ll be glad you watched this video! Click the title or link to this article to view the video. View the full article
    1 point
  36. The FileMaker Platform API’s Are Your Friends, Right? The FileMaker Platform supports integration with a variety of Application Programming Interfaces (API’s), and it has done so for a very long time. These API’s allow FileMaker Platform developers to integrate their solutions with other technologies and applications. This is an incredibly useful capability; indeed, from both technological and business-process standpoints, it is essential. Many FileMaker developers are not aware, however, that these API’s have the capability to access customer or client solutions in unexpected ways and to extract or insert data, to manipulate business processes developers embedded into these solutions, and to compromise the integrity of these solutions. Correctly configured and appropriately granular Privilege Sets can control many of these behaviors. But developers must first understand what those behaviors are and then how to control them. This FileMaker Security BLOG entry will identify a number of these API’s, will describe their use as attack vectors, and will point out some specific issues with several of the API’s. My hope and intent is to equip FileMaker Platform developers with the knowledge necessary to recognize these issues and to address them. The FileMaker Platform utilizes a number of API’s: Apple Events; Active X; WebDirect™; XML; PHP; Execute SQL; xdbc (ODBC and JDBC); Plug-Ins; FMPURL; FileMaker Pro External File References and Data Sources. Many developers may be surprised by my including the FileMaker Pro application itself in the list of API’s. Yet, through use of its powerful capabilities to access data in other files and to trigger business-level processes such as scripts, the application is, in fact, an API to itself. This has significant impact from the security standpoint when the capability is misused and when one FileMaker Pro file functions as an attack vector on another FileMaker Pro file. 
There are five significant actions an external API can undertake to perform on a FileMaker Pro file. Not every API can perform all these tasks; however, each can perform at least one of them. What are those actions? Read and extract data; write data; read and extract metadata; manipulate the User Interface; trigger FileMaker Scripts. What are some of the types of attacks these API’s can facilitate? And, more importantly, how can developers ameliorate the adverse impact of such attacks and perhaps prevent them in the first instance? One category of attack centers on manipulation of the User Interface to send the attacker to a layout in the file the developer never intended to have exposed. This is one of the inherent dangers that so-called “Developer” layouts present. Unless a layout enjoys access protection in the Privilege Set attached to the active Account, the Attacker can navigate to it and observe anything shown on it. Another category of attack deals with reading and extracting data from a table. Some API’s can perform this task and even write out the data to another application such as Excel or Microsoft Word. In other instances, an attack can cause an export of data from a file. Still another category of attack involves the triggering of scripts in a manner developers did not anticipate or intend. Generally speaking, if a script is either modifiable or (more commonly) executable to the active Account’s Privilege Set, then the Attacker can invoke the script. Developers must carefully consider the conditions under which a script runs. Scripts that re-log into the solution with elevated privileges without a credentials challenge are especially attractive targets for attackers. The script does not have to appear in the Scripts menu or be attached to an object on a layout to be vulnerable to such an attack. Its mere existence in the file in an unprotected state is sufficient to render it vulnerable. Some API’s can extract metadata from a file. 
Some metadata, such as a list of items in a value list, might also reveal data at the table level. Additionally, the metadata item might be a list of the Layout names in a file. An attacker could use this information to attempt navigation to a particular layout such as the “Developer” layout previously mentioned. Similarly, metadata might reveal a list of Script names; this could facilitate an attack on a selected script. There are three API’s that cause particular concern because of their breadth and relative ease of use. These three are Apple Events, the FMPURL process, and FileMaker Pro files themselves. The Apple Events Suite has an extensive set of commands that can read and write data, read metadata, manipulate the UI, and trigger scripts. In addition, they can work outside the normal constraints found on layouts in a file. http://thefmkb.com/5671 The FMPURL process (that is described at https://www.filemaker.com/help/14/fmp/en/html/sharing_data.17.6.html) can open a file and run a script in it. If the file is already open, then the script will still run. A FileMaker Pro file can also read and write data in another FileMaker Pro file. That is a commonly used process. But such files can also run scripts, manipulate the UI, extract data, and extract metadata from other files. If the target files are not protected, they are vulnerable to these types of actions. This is a more subtle process than might first be observed. A number of Privilege Set bits apply only to the file in which they are defined; they may work differently when called externally from another FileMaker Pro file. So, how can a FileMaker Platform developer address these issues and protect a FileMaker Platform solution? There are several key steps developers should take: Invoke File Access Protection. This prevents unauthorized references by external rogue files an attacker might create. FileMaker, Inc. introduced this feature to the Platform in version 11. 
At that time I authored a White Paper fully describing this feature. The White Paper can be found at the following location: http://www.fmpug.com/resources/security_schema_changes_filemaker_11 Tightly define Privilege Sets so as to block access to elements that need protecting. Items marked as «No Access» do not respond to External API calls as a general rule. Take steps to prevent automatic access to files without credentials. In most instances developers should prevent auto-opening of files, especially at higher levels of privilege. Once opened, such files can become vulnerable to attacks using the API’s. They can also be used to attack other FileMaker Pro files. I discussed some aspects of this two years ago in a post on this BLOG. Do not enable any API’s not needed in a file. This includes such items as XML, PHP, and xdbc. Strictly speaking, WebDirect™ perhaps is not actually an API; however, developers should not enable it either if it is not needed. In this BLOG post, I have enumerated a number of FileMaker Platform External API’s and described how a Threat Agent (Attacker) might use them as a vector to compromise FileMaker Platform solutions. I have also enumerated some specific attacks. And I have provided several recommendations for protecting the files and lessening the likelihood of a successful attack. Steven H. Blackwell
    1 point
  37. By Matt Petrowsky There's nothing more heart-wrenching than when you first realize that something horribly wrong has just happened. It's such a distinct feeling that we all know what I'm talking about. Just imagine being at the airport and you've got your laptop bag just beside you. After going through security, you feel like you're ready to have a relaxing flight. As you turn to grab your bag, you suddenly realize it's gone! Jumping up, you scan around and see absolutely no evidence of anything having happened. Nothing. I can't even type those words without having the feeling come over me. The same thing applies to a server administrator when they realize their server has been breached. Yet, it's our job to do our best to learn what we can about protecting our data. Well, this video has a lot of the critical information you need to know about protecting your FileMaker files. No matter where you are in the learning curve about building a FileMaker system, the information in this video is must-know type of knowledge. Tags: Security View the full article
    1 point
  38. New Paradigms In FileMaker Platform Security October 19th 2015 Traditionally, the framework for Information Security management has focused on activities designed to preserve the Confidentiality, Integrity, and Availability (CIA) of digital assets, and, on occasion, of physical IT infrastructure assets. That focus must now shift; in fact, it is already shifting. By way of a brief review, CIA focuses on three elements: Confidentiality focuses on preventing unauthorized access to data and viewing of those data; Integrity focuses on assuring that data cannot be manipulated or altered by unauthorized processes; and, Availability focuses on assuring that data are present and ready for use, and not purposefully or inadvertently destroyed or otherwise made inaccessible. When a breach occurs, it creates an adverse impact on the People, Assets, Operations, and Reputation of the organization that suffered the breach. There are four levels of adverse impact: Limited, Serious, Severe, and Catastrophic. This traditional approach to Information Security concentrated a lot of attention on the physical infrastructure of networks, servers, files, firewalls, and similar items. The underlying theory here is that protecting the digital asset mandates blocking attackers from entering the network infrastructure. That is still a legitimate and valid concern and requirement. But it is no longer sufficient just to block access. We must now shift and expand our focus to other elements. FileMaker developers and FileMaker Server Administrators have two core security missions now. The first is to guard the data themselves at the data level; the second is to provide for Resilience of systems after they are attacked and likely are breached. So, in addition to the traditional–and still useful—CIA, we now have CIAR. 
Ponemon Institute, the renowned security analytics company, offers an excellent definition of Resilience as an organization’s: “…capacity…to maintain…[its] core purpose and integrity in the face of cyberattacks.” Such an approach presumes that cyberattacks directed towards FileMaker hosted systems will occur, and that such attacks likely will succeed. In the face of these attacks, organizations deploying the FileMaker Platform must be able to continue to operate at something highly resembling normal levels. They must also, as a condition precedent to that requirement, be able to have restored their system and quickly to have detected and recognized an attack when it first occurs. An organization’s success in all these ventures will vary depending on the type and the severity of the breach and to an even greater extent on the level of its preparedness. —Causes of Breaches in FileMaker Platform Systems— There are four major causes of breaches in FileMaker Platform systems: 1. Vulnerabilities in the software. FileMaker, Inc. works on these and reports fixes from time to time. See http://thefmkb.com/13585 2. Misconfiguration of the software, especially FileMaker Server, but the other products as well. 3. Failure by developers to use the security tools provided in the products, especially Encryption at Rest (EAR), File Access Protection, finely-grained Privilege Sets, Encryption in Transit, and strong passwords. 4. Invention by developers of their own artificial (ersatz) “security” systems. These contrivances detract from actual security and weaken it. This includes such practices as “scripted security” processes, artificial authentication systems, storage of passwords in data elements, use of On-Open scripts to enforce privilege management, equating User Interface elements with actual security, and similar practices. —How To Promote Preservation of CIAR— How then do we promote Confidentiality, Integrity, Availability, and Resilience of FileMaker Platform systems? 
Here are seven core elements we can use to promote CIAR. 1. Realize that when a cyberattack occurs, it is the Strength of the Defender, not the Strength of the Attacker, that likely will determine the outcome. These attacks will occur; breaches will ensue as a result. How an organization survives a breach, particularly a serious or greater level breach, will determine how, and whether, it is able to continue in operation. 2. Focus on the data; they are the critical element. We must try to protect the data at the data level so as to deny the Attacker the fruits of the attack. This includes the hosted files and all backup copies. 3. Employ Encryption at Rest (EAR) with a strong Encryption Password. The “strength-ometer” in FileMaker Pro Advanced provides a clue as to the strength of the Encryption Password. If an Attacker exfiltrates digital assets from the network or the server, strong encryption goes a long way to preserving the Confidentiality of these data. 4. Properly use the tools that FileMaker, Inc. has introduced into the Platform, as previously noted. In addition to EAR, this includes File Access Protection and finely-grained Privilege Sets. The former inhibits and blocks unauthorized access from external files into the protected file. The latter, the finely-grained Privilege Sets, control behavior of everything from the User Interface, to scripts, to value lists, to file meta-data. Additionally it can inhibit, although not totally restrict, unauthorized access to a file from external API’s such as Apple Events, Active X, FMPURL, XML, and PHP. 5. Avoid ersatz contrivances. I have, over the past 15 or so years, seen literally hundreds and hundreds of these systems. All have introduced vulnerabilities not otherwise present. All provide rich attack vectors to compromise all or part of FileMaker Pro files. And they also impart a false sense of security and confidence that the files have adequate protection. 6. 
Thoroughly understand at a deep, hands-on level how the entire Family of Products actually works when it comes to security behaviors. Understand the vulnerabilities present in the Platform. Understand what additional vulnerabilities you introduce by failing to use the tools provided. Understand the vulnerabilities you also introduce by using artificial contrivances. Finally, follow Best Practices. These are there for a reason. Furthermore, they usually have become Best Practices because of some incident that led to the compromise of CIAR. 7. And finally, develop a Security Incident Response Plan. When the attack is underway, when the damage is already done, it is too late, and a particularly inopportune time, to try to craft a response. Think through these items in advance; try to develop specific scenarios for response. These will not be perfect nor totally predictable. As Admiral William F. Halsey remarked, “No battle plan survives its first encounter with the enemy fleet.” There are consequences flowing from failures to preserve CIAR of FileMaker Platform systems. There are regulatory strictures and penalties particularly in the health care, financial services, and education markets. There can be criminal and civil liabilities for data breaches resulting in losses and exposures. Certainly there is damage to organizational reputation and damage to customer or client relationships. And finally, there can be business stoppages caused by breaches and losses. Confidentiality, Integrity, Availability, and Resilience of FileMaker Platform assets are important. Developers and Administrators can meet these requirements through judicious use of the tools FileMaker, Inc. provides, through a thorough and hands-on understanding of how the products work, and, through avoidance of artificial, ersatz “security” contrivances. In the coming weeks and months and on into 2016, I will be exploring and reporting on these items related to CIAR. Steven H. Blackwell
    1 point
  39. I don't blog much - but I wanted to say I really enjoyed my second visit to dotFMP.com in Berlin a few weeks ago (first week of June). It was a fantastic collection of brilliant talent and very kindred souls that I have had the pleasure of visiting. The start to the conference in Berlin was the oldest beer garden in east Berlin - and well, when in Berlin... Was a great way to start a conference. Here is an audio recording of an impromptu podcast I did with Egbert or @pixi, the conference organizer. It was a fantastic program and encourage everyone to come next year, June 2-4 in 2016. Point your browser to dotfmp.com or on twitter @dotfmp for the latest updates.
    1 point
  40. It's been quite a while since FileMaker introduced a new layout part, but with FileMaker 14 we have one. Known as the Navigation part, on the surface it may appear similar to its cousin the header. However, the more you delve into its properties, the cooler it gets. In this article we explain the properties of the Navigation part and why it rocks! Click here to check out the full article…
    1 point
  41. The new Script Workspace allows you to add script steps simply by typing them directly into a script. It will attempt to auto-complete your entry and find matching script steps. With a little practice and habit you can easily learn the best shortcuts to use to save you the most time when it comes to finding the specific step you want to add. In this article we provide a demo file that gives you a number of variations of shortcuts you can use for every script step, as well as going into detail as to how the auto-complete works. Click here to read the full article…
    1 point
  42. The biggest feature overhaul in FileMaker 14 is that to the scripting area, now known as the script workspace. This is the biggest scripting change in years and with it comes a number of areas where you can gain in efficiency when writing scripts. In this article we document all of the areas of the script workspace and list as many features as we can find. Click here to read the full article at FileMaker Weetbicks
    1 point
  43. FileMaker 14 is here! To celebrate, FileMaker Weetbicks has written 14 articles all about FileMaker 14. Over the next few weeks we will be releasing these articles to the community. We cover all the cool new features (and some hacks!) and take things further, as we usually like to do. Stay tuned! Click here to read the full article…
    1 point
  44. How do you turn a File in a container into interactive content? If the contents were inserted using "Insert File", then in the past your only option has been to export and re-import it as an interactive stream such as image, PDF or audio/video. In this article we introduce an elegantly simple single-step method to turn all of your old File-based containers into beautiful interactive machines in an instant! Click here to check out the full article!
    1 point
  45. FileMaker 13 has been with us for a few weeks now and with it comes a new set of gotchas. I thought I would share a couple of things to watch out for when producing printed (pdf) reports (one of which was introduced in 12). In FileMaker 12 in the Layout Setup dialog we were... Source
    1 point
  46. Disclaimer: This article contains speculative and experimental techniques that are in the proof-of-concept stage. Use at your own risk and test thoroughly. Earlier this month I had the honor and the privilege to do a presentation on the topic of Radical Separation at the PauseOnError un-conference in Portland, Oregon, which included a demo file resembling this [...] Source [http://www.filemakerhacks.com/?p=7380]
    1 point
  47. Recently I received a dual-technique FileMaker 12 demo from Eden Morris. Here’s what he had to say about technique #1: In the Relationships Graph I show the use of colored labels to indicate where record creation, cascade deletes, and sorted relationships. Looking at the graph it easily shows that I can create customers from a [...] Source
    1 point
  48. FileMaker 12 and SuperContainer: A comparison Of all of the new features in the recently released FileMaker 12, one of the most significant is the inclusion of enhanced container fields with managed storage. These enhanced container fields offer users a simple solution to store container assets outside of the database file in order to avoid increasing the size of the database file itself. Solving this issue was the driving force behind the development of 360Works' SuperContainer, a server application that leverages FileMaker's Web Viewer to manage digital assets from your FileMaker interface. In this article we'll compare the unique features of both FileMaker Enhanced Container Fields and SuperContainer so that you can make an informed decision for your solution. FileMaker and SuperContainer BOTH offer Small file sizes- Both FM 12 and SuperContainer allow you to manage assets without increasing the size of your FileMaker file. This ensures that your file is still fast, clean, and portable. Thumbnail generation- Both FileMaker 12 and SuperContainer can generate network-efficient thumbnails. This means that for image files, the container fields will generate a thumbnail of the image, while interactive files, like .mp3 or .mov, have the option of immediate streaming playback. This can help to optimize database speed as the images and files are progressively streamed to users from the server, rather than waiting for the entire file to download. Note that when using SSL encryption, only SuperContainer supports streaming - FileMaker Server does not. Also note that for thumbnail generation of PDF files, SuperContainer must be deployed on a Mac OS X server. Interactive content- Both FileMaker 12 and SuperContainer can store static and interactive media, allowing you to read through the pages of a PDF document, playback audio or video files, or view thumbnails of image files - all from within the container field. 
Easily move, copy, or upload existing files- Both FileMaker 12 and SuperContainer allow users to easily manage their assets, giving the ability to move files to new directories, copy files to new locations, and easily upload existing container field contents. User interface control- FileMaker 12 and SuperContainer both give you control over the look and feel of your layout objects, including displaying titles, metadata, playback functions, upload, download, or delete functions, and thumbnail size. Drag and drop- FileMaker 12 and SuperContainer both allow users to drag and drop files into fields FileMaker 12 Unique Features Encrypted File Storage- FileMaker's enhanced containers offer enhanced security settings for assets stored externally using the Secure Storage option. This encrypts files (AES-128) to be readable only by FileMaker Pro and distributes the files across numerous subdirectories within your base directory. SuperContainer only offers encryption during transfer, not in a stored state. Upload from FileMaker Go- While both FileMaker 12 and SuperContainer work well for read-only mode in FileMaker Go, only FileMaker 12 container fields support uploading from the camera or photo library in FileMaker Go. Single user support- FileMaker 12 runs well in single user mode. SuperContainer requires the application to be installed and running on a server computer. SuperContainer Unique Features Store files anywhere- SuperContainer allows you to easily set a base directory where your files will be stored. This can be located anywhere on the computer where SuperContainer is running, or even on a network storage volume. FileMaker Server 12 always stores files inside the FileMaker Server data directory (FileMaker Pro, not running in Server, allows you to set any base directory). Deploy on any computer- SuperContainer can be deployed either on the same computer as FileMaker Server, or on a separate dedicated storage server. 
With FileMaker 12, all files must be stored on the same computer as FileMaker Server. Web File Uploads- SuperContainer allows users to easily upload files from their web browser, either by clicking an 'upload' button or by dragging and dropping files into their web browser. FileMaker 12 container fields are read-only on the web. Encryption during transmission- SuperContainer offers SSL encryption when transferring files. FileMaker can optionally SSL encrypt while transferring files, but that requires all database content to also be SSL encrypted, and causes streaming support to be disabled. Browser access- SuperContainer supports access to content from the web, independent of FileMaker web publishing. Since SuperContainer paths are just URLs, users can easily view assets in a web browser, and it is easy to use them in any web site. SuperContainer URLs can also be emailed and transferred separately from FileMaker record data. PHP or Java compatibility- Only SuperContainer offers PHP and Java APIs for easy integration with non-FileMaker systems. Compatible with legacy systems- SuperContainer is compatible with FileMaker 8.5 - 11. Meanwhile, enhanced containers are only available in FileMaker 12, and advanced features like streaming audio and video files requires FileMaker Server 12. SuperContainer is available for purchase at 360works.com/supercontainer. The Workgroup License ($195) includes a single server deployment for up to 10 users, while the Enterprise License ($695) allows a single server deployment and unlimited users plus support for FileMaker Server scheduled scripts and web publishing. About 360Works Located in metro Atlanta, 360Works, a FileMaker Platinum Business Alliance member, has been providing FileMaker-based solutions for 15 years. The company is a leading developer of both shrink-wrapped and custom database design solutions for clients such as NASA, Pixar, US Marines, Make-A-Wish foundation and others. 
The company is credited for its forward-thinking solutions, dedication and unparalleled client service. The Staff, 360Works (866) 662-9185
    1 point
  49. Gas, Liquid, or Solid: Drive On. By Steven H. Blackwell, January 3rd 2012. Happy New Year to FileMaker developers and users around the world. We have a lot of work to do in the FileMaker World in 2012, and I am eager to get started. A very key element and requirement for the reliable and safe deployment of FileMaker Pro files is, of course, FileMaker Server. And, of all the components of a FileMaker Server deployment, none is more important, I would assert, than the quality of the hard disk drive subsystem on the server machine. In 2011 we saw a lot of discussion about Solid State Drives (SSD’s) and their use with FileMaker Server. Almost all this discussion focused on the benefits of using these drives in lieu of the more traditional block I/O hard disk drives (HDD’s). Very little attention was paid to some important nuances that should inform any decision to use SSD’s. These drives are becoming more and more prevalent, and they can offer significant advantages. However, we need a fuller picture of them. I hope this BLOG post will engender some discussion in the community about SSD’s and their use in FileMaker Server machines. An important concept of any engineering process is to focus on stress points and potential failures. Civil engineers building a bridge do this; electrical engineers designing and constructing transformers and power grids do the same. And as developers and IT Administrators dealing with FileMaker Server hardware, we must also consider stress and failure points. In this BLOG posting, I want to highlight several considerations you should be aware of when contemplating the use of SSD’s. SSD’s are not new devices. Their origins are in the 1950’s era. The first modern type SSD appeared 35 years ago this year. Comparing SSD’s with the traditional HDD’s can be difficult. In the late Spring of 2011 the Storage Networking Industry Association (SNIA) released two sets of specifications that can be used to measure SSD performance. 
Traditionally HDD benchmarks have tended to focus on aspects of those drives that are weak, particularly rotational latency and seek time. Since SSD’s don’t spin or seek, by comparison they seem superior to HDD’s. But the equation isn’t that simple. SSD’s slow down after initial use once data have been written to them. The drive’s processor begins to move data around in the read-modify-erase-write cycle. The availability of free programmable blocks significantly impacts SSD write performance. Fewer blocks translate to diminished performance levels. Once the drive has data of any significant amounts, the NAND[1] flash memory at the drive’s core requires that old data be marked for deletion and then actually deleted in the “garbage collection” process. A further refinement of this behavior has been described:[2] SSDs have challenges with mixed reads and writes, and their performance may degrade over time. SSD testing must start from the (in use) full disk, as the new and empty (fresh out of the box) disk may have much better write performance than it would show after only weeks of use. [emphasis supplied] SSD reliability and longevity are also influenced considerably by a process known as Write Amplification. This process has been described[3] as: …an undesirable phenomenon associated with flash memory and solid-state drives (SSDs). Because flash memory must be erased before it can be rewritten, the process to perform these operations results in moving (or rewriting) user data and metadata more than once. This multiplying effect increases the number of writes required over the life of the SSD which shortens the time it can reliably operate. All of which raises another interesting item. NAND flash memory cannot be overwritten. This can cause problems for software encryption programs. The encryption program cannot effectively deal with the data marked for deletion. Hardware based encryption programs do not have this problem. 
SSD’s offer one instance of “…you get what you pay for…” at least in one respect. Entry grade and lower cost SSD’s have write speeds significantly lower than their read speeds. This is different than traditional HDD’s where read and write speeds are more nearly equal to one another; write is only marginally slower than read. Higher performing–and thus more expensive–SSD’s have a more balanced read and write speed comparison. FileMaker Server, even in a modestly busy environment, does a lot of read and write between disk and cache as it sends data, receives data, encrypts data, and resolves calculations between client workstations and the server. Thus FileMaker Pro developers and IT Administrators will want to consider the read-write characteristics of SSD’s very carefully when selecting server hardware. Developers and Administrators must also consider the Operating System running the server when selecting HDD or SSD type drives. Versions of Windows OS prior to Windows 7 are optimized for HDD’s, not SSD’s. Windows 7 is optimized for both SSD’s and HDD’s, and the OS operates differently if it detects the presence of a SSD, including disabling disk fragmentation. Windows Server 2008R2 supports SSD’s as well. Macintosh OS X 10.6.8 and 10.7 also support SSD’s. All of these very modern OS support the TRIM function as well, a feature needed to reduce garbage collection of data the OS has already determined to be no longer valid. This saves unnecessary wear and tear on the SSD. These documents were a principal resource for preparing this BLOG entry, and I recommend a further reading: http://en.wikipedia....lid-state_drive http://www.macworld....ssdtesting.html http://en.wikipedia....e_amplification Benchmarking Enterprise SSD’s http://www.stec-inc....rprise_SSDs.pdf Notes: [1] Not AND (NAND) electronic logic gate. 
http://wiki.answers....t_is_NAND_flash [2] Benchmarking Enterprise SSD’s http://www.stec-inc....rprise_SSDs.pdf and see also http://en.wikipedia....lid-state_drive at Page 1. [3] Write Amplification. http://en.wikipedia....e_amplification
    1 point
  50. Welcome to the first posting to my new FileMaker Security blog. From time to time, I’ll be discussing issues of significance and importance related to FileMaker Pro and FileMaker Server security. In all these discussions I will keep foremost the concept that security is supposed to be focused on the preservation of the Confidentiality, Integrity, and Availability (CIA) of digital assets, and sometimes of physical ones. This first posting will focus on issues related to cloud computing security for FileMaker Pro. The cloud is all the rage these days. Yet despite that high level of interest, cloud computing, especially in the FileMaker world, is poorly understood and confused with other elements to which it has no real relationship. Gartner has estimated that some 60% of organizations are currently actively considering cloud computing. These organizations are eager to take advantage of the elasticity, scalability, and cost benefits that cloud computing offers. Despite these benefits and despite the interest in cloud computing that organizations express, there are some serious caveats and reservations about taking an organization’s information assets and putting them into the cloud. If a data owner wants to employ the cloud, it must make serious efforts to guarantee trust, security, and control in cloud environments. Otherwise, its digital assets are at serious risk for having their Confidentiality, Integrity, and Availability breached. At the 2010 RSA Security Conference in San Francisco, Phil Dunkleberger, President of PGP Computing, a leading information security industry company, offered the prescient and discerning observation that despite all the advantages the cloud might be able to offer, people are not flocking to the cloud and likely will not be doing so. Why? They don’t trust the cloud, he said. And there is good reason for their not trusting it. 
FileMaker Pro solution developers and IT personnel administering FileMaker servers hosting those solutions need to take special care to be aware of these items. First, and foremost, there is no real “cloud computing” to speak of in the FileMaker world. Merely having remote hosting of FileMaker Pro databases on virtual or physical servers offered by some service provider somewhere outside the organization’s work locations does not, by any means, constitute Software as a Service (SaaS), Hardware as a Service (HaaS), or Platform as a Service (PaaS). SaaS, HaaS, and PaaS are the core elements of cloud computing. Notwithstanding this however, there are any number of lessons and strictures drawn from cloud computing that can be applied to remote hosting of FileMaker databases. There are a variety of core questions for the owners of FileMaker Pro databases to ask about remote hosting, starting with “Why do you want to do this?” Usual answers include such elements as lack of organization expertise about FileMaker Server administration and configuration and desire to provide 24/7 monitoring of the servers. Good answers perhaps, but organizations may want to ask what other reasons they have for wanting remote hosting. And then they also will want to ask whether the risks associated both with the cloud and with remote hosting outweigh the benefits provided. So here are a few core questions owners and administrators of FileMaker Pro databases may want to ask. There has been a lot of information in recent months published in various White Papers and Podcasts and offered at the 2011 RSA Security Conference about these concerns. Interested readers may want to explore these resources further, inasmuch as this is by no means a comprehensive list. 1. How are data protected, isolated, and shared? 
Whether you have trade secrets or commercial processes, or confidential organizational information about finances, customers/clients, or your own personnel information stored in your database, how are you going to protect these data once they go to a remote location? Not only that, but how are you going to assure data availability and integrity as well? 2. How will you address the loss of perimeter based controls present in the local enterprise? Remote sites likely will bypass organization security policies and procedures your organization has in place. 3. How will you address the challenges of multiple users’ sharing of common resources? These multi-tenancy issues can be especially difficult. How do you assure that some other organization that is also using the same provider or the same server hardware as you are isn’t able to access or to view your data? In other words, how safe is a multi-tenancy arrangement? How are the risks of using it going to be managed? 4. Who has responsibility for compliance with regulatory and statutory items related to any customer/client/member data that are stored in the database? Generally, such responsibility remains with the organization that owns the data. It cannot for the most part be transferred to the provider. Significantly, if there is a breach, who bears responsibility and liability? Whose insurance covers this liability, partially or (not likely) fully? 5. What are the applicable laws governing access to the data housed at the remote site? These likely will vary according to the jurisdiction where the data actually are housed. Those laws in different jurisdictions will not be the same necessarily as are the laws where the organization itself operates or where it is legally registered and/or incorporated. 6. As the owner of the data, do you know what the scope of the protection is for the data that the provider is obligated to provide? What conditions govern the use and disclosure of data? 
And presuming such provider safeguards are identified or promised (even contractually), how does the owner of the data monitor the provider’s safeguards? And if shortcomings are detected, what is the responsibility of the provider to undertake any remedial action identified through such an audit process? 7. Who bears the cost of dealing with any breaches, currently estimated at $204 per record? 8. Finally, if the arrangement with the remote provider collapses (for any number of reasons), how does the owner of the data terminate its relationship with the provider and recover all its data and all its backups, and leave no copies of the data behind at the remote hosting site? As a practical matter most providers will not have protections in place, and that increases the liability of the owners of the data. And so, despite the benefits of both cloud computing and remote hosting, data owners need to ask themselves whether a variety of risks associated both with the cloud and with remote hosting outweigh the benefits provided. They will want to ask how to guarantee and maintain trust, security, and control in these environments. I look forward to further discussion of these items in the FileMaker community. Steven H. Blackwell
    1 point
This leaderboard is set to Los Angeles/GMT-07:00