Jump to content

Steven H. Blackwell

Moderators
  • Content count

    5,007
  • Joined

  • Last visited

  • Days Won

    36

Steven H. Blackwell last won the day on December 24 2017

Steven H. Blackwell had the most liked content!

Community Reputation

104 Excellent

2 Followers

About Steven H. Blackwell

  • Rank
    Humble Servant
  • Birthday January 1

Profile Information

  • Gender
    Not Telling

FileMaker Experience

  • Skill Level
    Expert
  • FM Application
    16 Advanced

Platform Environment

  • OS Platform
    Windows
  • OS Version
    Windows 7 Pro

FileMaker Partner

  • Membership
    FIleMaker Platinum Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Steven H. Blackwell

    What Is Account Lockout?

    The new version of the FileMaker Platform contains a new feature called Account Lockout. This feature’s purpose is to help thwart brute force attacks against hosted files. Such attacks try a large number of passwords against an Account in an attempt to gain access to the file. Here are a few key points about this new feature: v It works for files hosted on FileMaker® Server 17 only. It does not work for files hosted on earlier versions of FileMaker Server or for stand-alone files. v It works against internal FileMaker Accounts only. Externally authenticated Accounts, including those using oAuth, have their own rules regarding failed attempts. v Any version of FileMaker Pro that can access the files on the Server can trigger this feature. It does not have to be a FileMaker® Pro 17 Advanced client. For a detailed description of this new feature, complete with illustrations, you can download the attached PDF. Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance WhatIsAccountLockout_v1R.pdf.zip
  2. Version 1.0.0

    121 downloads

    Extensive discussion of new methods for administering FileMaker Server. Jointly authored with Wim Decorte.

    Free

  3. View File FileMaker® Server 17: Admin Console, Admin CLI, And Admin API Extensive discussion of new methods for administering FileMaker Server. Joint authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  
  4. View File FileMaker® Server 17: Server Monitoring Functionality Discussion of new processes for monitoring FileMaker Server. Jointly authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  
  5. Version 1.0.0

    72 downloads

    Discussion of new processes for monitoring FileMaker Server. Jointly authored with Wim Decorte.

    Free

  6. View File FileMaker® Server 17 And SSL Certificates: Configuration And Use Information about new SSL processes and options. Jointly authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  
  7. Version 1.0.0

    139 downloads

    Information about new SSL processes and options. Jointly authored with Wim Decorte.

    Free

  8. The Women of FileMaker organization is sponsoring a Pause On Error FileMaker Conference May 7th-8th in New Orleans. More information at the website: https://www.pauseonerror.com/ Steven H. Blackwell
  9. Steven H. Blackwell

    Network Sharing won't share.

    OK, there is some confusion here about how all this works. First, I would recommend that you use FileMaker Server to host your file, rather than try to access it peer-to-peer as you are trying to do here. The error message you are receiving is the result of processes designed to protect your file. if you want to employ peer-to-peer, open the FileMaker file on the machine where it physically resides. Then, from elsewhere on the network, launch FileMaker Pro and go to the hosts dialog. Your file should be visible there. Clicking on the link will launch the file on the guest machine. Port 5003 likely needs to be open on all machines. Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance
  10. Steven H. Blackwell

    Hacking concerns of startup scripts?

    "Are you saying that OnOpenTriggers can be bypassed by someone whose privilege set is authorized to only execute scripts, who has no authorization to edit layouts, edit value lists, or edit (or view) scripts?" Yes, that is correct. It may vary, as you suggested, from situation to situation. This is one of the reasons we advise people not to employ such scripts for "security" purposes. As previously noted, as we have gone from version to successive version over the past 13 3/4 years, FIleMaker, Inc. has worked to close a number of the potential attack vectors, including external file manipulation and use of external API's. Remember also, please, that the script itself has nothing to do really with gaining access to the file. If someone obtains credentials for an Account, that person can access the file. In most instances accessing the file with trigger the OnOpen script. But we cannot 100% guarantee that in every instance that this will occur. In fact, we can state the opposite; in some instances it can be possible to by-pass the firing of the script. And circumstances will vary version by version. I realize this is not the answer you wanted to hear. However, it is the best information I can provide you about this topic. Steven H. Blackwell
  11. Steven H. Blackwell

    Hacking concerns of startup scripts?

    In my view, we need to restate the question here as well as to examine the underlying premise: • The OnOpen script presumably exists for some purpose related to the design of the database system, to the business processes it manages, or to both. • The larger question is what would happen to either if the file were opened and the OnOpen script did not run. An Attacker can bypass an OnOpen script in any of several ways. Other design considerations in the file will influence the selection of some of these. Peer to peer hosting, even with EAR, is not optimal, but it will work. EAR has little impact in this situation; however, it is good to have it. So the base question is whether you have protected the file against unauthorized manipulation in such a way that it could be opened without triggering the OnOpen script. Developers typically invoke such protection by use of fine-grained privileges in specific Privilege Sets particularly as they relate to scripts, by extremely judicious use of layout-based script triggers, and by employment of File Access Protection. As we have moved to later and later versions of the products, FileMaker, Inc. has provided additional controls to prevent External API's such as Active X and AppleEvents from serving as conduits for manipulation of files that could result in their opening without triggering an OnOpen script. You can read more about that here: https://fmforums.com/blogs/entry/1738-behavior-change-api-privileges-in-version-16/ as well as following the references in that BLOG post to earlier ones here on FM Forums. Respectfully, Steven H. Blackwell Partner Member Emeritus, FileMaker Business Alliance
  12. Steven H. Blackwell

    Files are not opening from another server

    A file hosted by one FileMaker Server can read a file hosted on a second FileMaker Server provided that External File References in the first file are properly defined, that correct ports are open on the second server, and that permissions allow the connection. Not sure what the issue here is, but check those items first. Steven H. Blackwell Platinum Member Emeritus, FIleMaker Business Alliance
  13. Steven H. Blackwell

    Control what scripts can be invoked using fmp protocol

    Starting in FileMaker® Pro 16, users cannot call scripts using FMPURL unless and until their Privilege Set is explicitly set to allow them to do so. Look in the Extended Privileges section. Steven H. Blackwell
  14. Just to be sure here: You are entering the Account Name and Password here for the Admin Console, not for teh databse itself. Correct? Steven H. Blackwell
  15. Steven H. Blackwell

    DevCon 2018

    Outstanding venue. Plus it's close to the DFW Airport, and not waaaaaayyyyyy off in downtown Dallas area. Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance
×

Important Information

By using this site, you agree to our Terms of Use.