Jump to content

OlgerDiekstra

Members
  • Content Count

    299
  • Joined

  • Last visited

  • Days Won

    10

OlgerDiekstra last won the day on October 5

OlgerDiekstra had the most liked content!

Community Reputation

18 Good

About OlgerDiekstra

  • Rank
    member

Profile Information

  • Title
    FileMaker Developer
  • Gender
    Male
  • Location
    Gold Coast, Australia

Contact Methods

  • Website URL
    www.kaizentu.com.au

FileMaker Experience

  • Skill Level
    Intermediate
  • FM Application
    16 Advanced

Platform Environment

  • OS Platform
    Windows
  • OS Version
    7

FileMaker Partner

  • Certification
    15

Recent Profile Visitors

7,808 profile views
  1. OlgerDiekstra

    Filemaker interacting with Photo Software

    What is getting slow? FileMaker? Picasa? Editing? NAS? There are plenty of apps out there (ie Photoshop, The Gimp, Affinity Photo, ...) that can do all the editing you want. But without knowing what sort of editing is done (light edit I would assume considering Picasa was good enough), it's hard to make a recommendation. How would the editing software need to interact with FileMaker? Or are they just taking photos, cropping them and uploading some into FileMaker? That could easily be done using iPads, FileMaker can do that natively and store images in containers straight from the camera. For just cropping and other light edits, Irfanview, XNView, Paint.net might be suitable.
  2. Always work off a backup. So make a copy of the inventory DB and use that to import your other files. You can open both files and copy tables from one to another. If you have multiple tables in some databases, then your relationships won't come across I don't believe. Also pay attention to how you import from one to another. Generally custom functions first, then tables, and finally layouts and scripts. Scripts can reference layouts, and layouts can use scripts, but checking scripts is easier than checking layouts for missing script references. Then restore any relationships, and import data.
  3. There's a script command to close FileMaker, which will close all files: "exit application". You can run that as part of a "OnLastWindowClose" script. I think you'll find having just one DB work much better if you start to develop something for FM Go. It's much easier to extract stuff form one DB than it is from 11. You'll be creating an entire new database for Go if you want to take some info offline. Generally, layouts for desktops will not work on mobile devices. Developing for touch devices is very different than for a desktop.
  4. I'm hoping this will be of help to someone. In my environment I use CWP to receive SMS status updates from our SMS gateway, allow customers to opt out of SMS marketing messages, and receive Balance requests from customer via SMS. I use two small PHP scripts, one for handling the SMS status messages and one for receiving customer requests (Opt-out or Balance). The problem I've encountered (and not fixed yet) is that sometimes the link between CWP and the FileMaker DB goes south. The php scripts can detect this, but the submitting party (all these requests come from our SMS gateway) can't alert me that there is a problem. So, in order to detect whether the entire path from php/CWP to the DB works correctly, I created a little php script that tells me whether things are working or not. <?php require_once ('FileMaker.php'); $fm = new FileMaker(); $fm->setProperty('database', 'Your Database'); $fm->setProperty('hostspec', 'http://localhost'); $fm->setProperty('username', 'user'); $fm->setProperty('password', 'password'); $script = $fm->newPerformScriptCommand('Valid Layout', 'Valid Script'); $result = $script->execute(); if (FileMaker::isError($result)) { http_response_code(404); echo "ERROR"; } else { http_response_code(200); echo "OK"; } //print("<pre>".print_r($result,true)."</pre>"); ?> The above script (provided you have set the correct database name, user and password, as well as specified a valid layout and script to call, and the specified user has access to both layout and script) will return 'OK' or 'ERROR' in the browser and set the http status code to either 200 (success) or 404 (cannot find). This means that the entire path (php/CWP FileMaker/DB/script) is tested and works if 200 is returned. This script can be expanded (ie in my case I want to test status messages can be delivered, opt-out and balance sms's can be received) to only return OK 200 if all tests succeed. This can then be used with a tool such as http://statuscake.com to monitor the result of the script and alert via SMS or email when the result is 404. StatusCake has both free and paid subscriptions and monitors from several datacenters around the world. The free subscription has limitations, but the above setup works just fine.
  5. It's struck me previously odd that your book database consists out of 11 files. Can't they all go into one database? It would (probably) make things a lot easier. Or is this a database that has been migrated from a (pre) FM7 multifile to FM13 and then to FM17? I started briefly with FM12, then worked with FM13 for the first few years. The scripting environment has evolved over the last versions, but not significantly changed. The Script Editor UI has changed a bit, since v13, with the biggest difference probably that the script steps have moved to the right, and the left now has a list of scripts, but that change is (imho) for the better and streamlines development. But the scripting hasn't changed significantly. So this remark has me puzzled.
  6. FMv17 changed the 'Perform Script' command slightly and allows you to specify the name of the script via a calculation (which can also be a variable). In the 'Perform Script' command you can also specify another database file in which the script can be found. That should work in your case. Note that you will need to create a data source to this database for it to work. You'll need to create a static script (ie 'RunScript') in the inventory DB that is always invoked and pass the script to run as a parameter. Then in 'RunScript' you take that parameter and pass it to a 'Perform Script command by naming the script name (not from a list).
  7. OlgerDiekstra

    Downloading / monitoring logs

    If someone is capable of uploading a plugin, then yes, it could be 'game over'. But how would someone upload a plugin? For clarities sake, when I talk about hacking, I assume this hacker has no normal access to systems, and tries to gain access through vulnerabilities or (common) misconfigurations. For someone to install a plugin, they would either need remote access to the server through RDP or similar (IT responsibility to restrict that), drop it in the correct folder through a share on the C: drive (again IT responsibility to ensure the C: drive doesn't get shared more than it should (I wouldn't even enable the admin share, but that breaks some stuff), or through the admin console. In all cases strong passwords and (network) security will mitigate those options. Monitoring network will enhance visibility of what goes on. The only other option would be physical access, which can easily be prevented with a locked room. Granted, a lot of this is moot when the offender is a (disgruntled) employee with admin access. But even that can be mitigated. Good security (especially nowadays) is mandatory anyway. My network is guarded by Meraki kit (router, switches, and AP's). They all talk to one another. They have a great dashboard that gives me plenty of power to ensure my network stays save. Meraki security devices have Snort capabilities that investigate traffic back and forth in realtime, it scans for virusses/malware in traffic that passes through its ports. In addition, I have Observable Networks installed, that silently monitors my network and has now built a very accurate baseline of network traffic. I've had a few alerts of someone poking at my network. The thing with Observable Networks is that it alerts you almost immediately and empowers you to take action before they even get a chance to get a foot in the door. Noone in my network is an administrator on their machine. I won't allow it. AV is up to date. Backups are made nightly of every important file, multiple times, 'offline' as well (offline being in the cloud). All fully automated. Regularly checked of course. That mitigates the chances of something happening on my network. And if something does happen, at least I've got a decent chance of recovering unscathed. It's not that I don't need the option, it's that I don't really see the need for it. And maybe FileMaker is of the same opinion where there are so many ways to protect your systems, that sandboxing doesn't really solve anything. But I am not opposed to the idea. Ow, that's not a real hack. Someone stuffed up maybe, but reading through the thread someone just panicked, called it a hack and then started looking at what happened. Maybe it was a hack, who knows, the OP never returned to finish the thread. Looking at MS, Apple, name any vendor, I'd say yes, that's how things generally go. And not just tech companies. Takata has been in the news of late, making dodgy airbags. Apparently, profit was worth a few lives. If companies can get away with it, some will certainly try. That doesn't mean I approve of it, far from it, but unfortunately that is the world we live in. I think FileMaker can be regarded as a good company/citizen, although I have no proof to show for that. But even then, they have to look at desired features and determine which will have the biggest impact, not just for their profit margins, but also for their developers and customers. By all means, suggest it as a feature. Who knows, they may not have considered it.
  8. OlgerDiekstra

    Downloading / monitoring logs

    Local System account most definitely has network access. My FMS runs with the local system account. Whenever I need access to the NAS though, I check whether drives are mapped or whether the local system account is logged on to the NAS. I use BE to check if I have access to the NAS. Then I use BE to log on to the NAS if I have to, invoking the 'Net Use' command. Once logged in, that session remains active until the server is rebooted. I have the option to either map a drive (via BE or using a batchfile that's invoked via BE, I also run maintenance scripts on the NAS triggered by FM, so that I can pass parameters back and forth), or just use a UNC. MacOS and Windows are very different beasts. OSX was originally based on BSD and still carries a lot of similarities to Linux/Unix platforms. Windows bears no resembles to any of those. Security in nix based platforms was part of the original design, Windows security is much more an after thought than by design, the first implementations of UAC we're horrible, and even now it's still not as good as on nix platforms. The UAC concept is good, but the implementation on Linux based platforms (I don't use unix platforms so can't comment much on current OS's) is still way better. Virtualization of systems is not just useful in DMZ scenarios. With todays hardware and virtualization technologies, it's trivial to run a pair of virtual hosts (VMWare, or other technologies, I use ESX and VirtualBox extensively), run a pair of DC's on both, then have your FMS running on either and other virtual systems as needed on just two physical servers. If one dies, non-essential systems can be paused, and all critical systems fail over to the remaining host. Users need know nothing. That gives IT the time to repair or replace the failing host. Hardware upgrades are much easier as there's no downtime required. Just add another host, migrate VMs across and done. Resource utilization is much better on virtualised systems, you need less cooling, power, space. There's a lot of benefits to virtualizing internal systems. And you can easily isolate a server and limit access to other systems. Just because the FMS is running as a local system account, doesn't mean it has unlimited access to other systems. Far from it. I don't see how that's significant. If you have physical access to a system its usually game over anyway. Can you see the EAR password once you have full admin access? If the database is not encrypted at rest, you don't need full admin access, just copy the database. If it does use EAR, and you can't get the password through the admin console, what's the point? The DB is still encrypted. Even if the DB doesn't use EAR, you would still need passwords to get to the data. Granted, without EAR you might be able to discover those passwords in the DB, if you know where to look, though I don't think FileMaker makes it easy for you. Just because you can compromise a system means nothing if you can't do something with it. As a developer you need to ensure the server is setup in such a way to ensure its secure and as tamper proof as can be. That goes for the server setup as well as the database. IT needs to ensure that the developer can do everything he/she needs to on the FM server. They can restrict (using all sorts of tools) what you can and can't do, even as an admin. You don't necessarily need to log on to the FMS as admin to access the console, you can use a restricted user or access the console remotely. IT can use tools such as Cisco Observable Networks to keep an eye on what's happening on the network, the right network kit (ie Cisco Meraki) will also make their lives a lot easier, and with the right AV protection on desktops and servers and system management tools (ie SCCM or Meraki System Manager), they can keep on top of things very well. I am both a developer and IT Manager. While sandboxing would certainly be good to have as an option, I don't think it's a high priority. This might change if FM servers are compromised more frequently, but I haven't heard of any instance where that was the case. And if servers aren't compromised then security is good enough. Or maybe there's just not a high interest in the hacking community to compromise FileMaker systems.
  9. OlgerDiekstra

    Downloading / monitoring logs

    On a cloud based system (ie AWS) I'd agree. There's usually very little point to having OS access, as there's not much to do anyway (ie, connecting to internal systems would only be possible via a VPN or such and incur a lot of latency which makes access to local system from the local client more beneficial). However, on a local server, access to the OS has many benefits, and sandboxing would definitely get in the way more than not. One way local IT can protect themselves is by virtualizing the FM server and only using a dedicated FM server that the dev can tinker on. IT also has the option of restricting the FMS user to what they can do and access. The FM user doesn't have to be an admin user, so it's up to IT to set things up to their liking.
  10. OlgerDiekstra

    Downloading / monitoring logs

    If server side scripts were sandboxed, that would severely limit what you could do. Plugins like BE for instance can access network drives from the server (which I use extensively) and that wouldn't work any more. In fact, I would have to resort to less secure methods. For instance, I allow users to upload pdf documents to the server which are then stored on a NAS. Only the server needs access to those documents. If scripts were sandboxed, I have a challenge with remote users that are not on the same network as they would need to access the NAS remotely in order to drop files there. And that's just one example. There's no doubt a whole range of functionality that will stop working if scripts (on the server) were sandboxed.
  11. OlgerDiekstra

    Random Question

    Ah, you may not, but MacFileman, or rather 'They', as in MacFileman's client, may well believe that it is, and they may be right. But even if they're not, they will still have to travel the path until they come to the conclusion that it is not. We don't know a lot of things, and more often than not, we never will know everything. But that's how life works. But you are right that we need to provoke and stimulate the thinking process.
  12. OlgerDiekstra

    Random Question

    MacFileman's comments: The database is over the course of 20 or so town in a county in NJ. Doing so would a remove an entire town from the list. So we wanted to randomize the removal. So to prevent a town with, say, only 2 addresses listed not being included in the random list, the approach of creating a random list of addresses per town would ensure every town has at least a few addresses included. So throughout the thread, another requirement became apparent. Every town must be included. Huh, so you did. 😄
  13. OlgerDiekstra

    Random Question

    Then the safest way to get a random 40.000 is to do it per town. Otherwise you run the risk of excluding towns of which you only have a few addresses. Create totals of addresses in each town, then turn those totals into a percentage of the total addresses, and next calculate how many addresses each town should get based on that percentage out of 40.000. Then you create a random list for each town which should ensure you have addresses from every town. This topic https://community.filemaker.com/thread/79123 discusses how to randomly remove records from a found set until you have the amount you need. Caution, this may not be very quick.
  14. OlgerDiekstra

    Plugins on AWS/FmCloud for FmGo.

    Run Get(InstalledFMPlugins) on the server using a PSOS script and exit the script with the results so that you can check it on the desktop/ipad. You can also run BE_Version in a PSOS script and pipe the result back to the calling script to check BE is installed, working and the correct version.
  15. OlgerDiekstra

    Import Excel Hyperlink to Filemaker

    This article might help: https://howtouseexcel.net/how-to-extract-a-url-from-a-hyperlink-on-excel
×

Important Information

By using this site, you agree to our Terms of Use.