Jump to content

Peter Wagemans

Members
  • Content Count

    67
  • Joined

  • Last visited

  • Days Won

    1

Peter Wagemans last won the day on August 9 2018

Peter Wagemans had the most liked content!

Community Reputation

2 Neutral

About Peter Wagemans

  • Rank
    just passing through

Profile Information

  • Title
    developer
  • Gender
    Male
  • Location
    Belgium

Contact Methods

  • Website URL
    http://www.lesterius.com/

FileMaker Experience

  • Skill Level
    Expert
  • FM Application
    17

Platform Environment

  • OS Platform
    X-Platform
  • OS Version
    High Mojave 11

FileMaker Partner

  • Membership
    FileMaker TechNet
    FileMaker Business Alliance
    FIleMaker Platinum Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have put this project aside. I think it works well enough for smaller setups. Those with more servers should maybe consider a commercial product. WB was written in Xojo, and requires an MBS plug-in license. For those who are serious about continuing work on this, let me and/or Claus know in a PM. I think I will transfer my code to Claus and let him decide on all this. I am a full time FileMaker developer and should not engage into too many side projects, I learned from this in the past. A centralised service where all FileMaker Servers push information to, is one way to do things, but a model where JSON can be used to pull information and send commands using that same API, is a zero deployment one, and seems to have become the better way to do things. This was not yet available when we started the project. Of course not all features of WB are supported already by the Admin API, but this is a good reason for asking FileMaker about it. FileMaker is going for subscription based hosting, maybe the server will evolve more quickly when they get first hand experience with the problems encountered when hosting a lot of servers.
  2. This really triggered my curiosity and I fired up my old win7 VM where I still have a 5 version. Even there, I could not find any graphical interface (using the tab bar on top of the window) that would give me a way to set tab stops for text fields (vs text boxes). So... I clearly misremembered that this was an option before. This is from the html file the OP refers to (this is from the 12 help): Well... that settles it 🙂
  3. Thanks for the tip. My point is, that it used to be possible to put a field on the layout, and, still in layout mode, assign tab stops to that field, not using the info panel, but using the tab ruler above. As the OP indicates: Indeed, this thread started about a field, not a text box with merge fields. I understand the issue can get a bit confusing ... 🙂 You indicate that i am getting off topic, but I was just comparing the workarounds.
  4. Exactly my point. Merge fields are a pain to use with tab stops, because their name is most of the time way to long, and this interferes with a wysiwyg experience. I last experienced even that the little trick to make the text font really small between the brackets, is not working anymore.
  5. Thanks for this question Xochi. Even if this topic is 4 years old. I am missing that possibility as well, and before reading thi posts, I thought I was misremembering how things used to work. . In the end I abandonded using tab stops and used fields, because this is very hard to make and maintain if you do not see what you are doing. Since I am currently working on a list layout, this multiplies the number of objects on the layout by 7. Which is not a good thing.
  6. But FileMaker can always solve bugs from the distant past, I don’t mind...☺️
  7. Ok, got it. My notification email kept linking back to this thread, that was split in the mean time, and there was nothing to see...:-)
  8. Uh. It seems to be part ( a few posts at the end ) of this thread are gone. Did something go wrong with the forum server? @Ocean West? Not really a big problem, just mentioning.
  9. Thanks for offering an alternative. I am sure you are trying to be helpful. But this thread is about trying to solve a big shortcoming in using QuickFind, and not about alternatives. FileMaker should work on removing the product bugs, and I wouldn't mind getting no new features for a few releases, just bug fixes. FIleMaker should work on things that should work, but aren't, or only "half". And watch for inconsistencies, and make them consistent. We are always trying to get around them, and this gives birth to alternative ways of doing things, while they should have worked correctly to begin with. Of course this would be a problem for marketing, and this is not the way the world turns today. The next version of FIleMaker will have a ton of new features with oooos and aaaaas and a lot of unsolved bugs.
  10. The hack could be done with a server side plug-in. I don't want to put words in your mouth, but you seems to be pointing out that when someone malicious has access to such plug-ins running on a server it's "game over". Which is exactly my point. Let's agree to disagree on the priority. If you don't need the option, it's logical that it has no priority for you. Now you have. Must we conclude now that if servers are comprised, securety is not good enough? How frequent do you have in mind? I know an effort has been done since 2010 to increase security. So this is not completely fair of me, I admit. But do we have to have a few sucessfully compromised servers before the obvious security holes are plugged? Your last sentence is very correct. If the hacking community would have an interest, we would be screwed already.
  11. There is something I would like to add to your remark. A standard installation of FileMaker Server on Windows sets the service to be executed by the system account, which is the default for every service on Windows. When you set the user to another account though, the FileMaker installer refuses to install if that user does not have administrative privileges. You need that alternative account, if you want to have network access, since the system account does not have network access, and you cannot grant this either. So I presume you are currently running the service under an alternative user account, in order to access your NAS. I wonder WHY FIleMaker enforces the service to run under a administrative account. It does not do that on macOS. So... I had to explain this first, before reacting to you last paragraph. It is indeed possible to restrict the FMS user, and things seems to run fine, after you remove the fmserver account from the admin group. But I'm not sure this will cause misbehaviour somewhere later down the line. On Windows. Because the installer does not like it. I would like to pursue this further and ask the question to FileMaker Inc. If this would run without problems, this would be already a great first step in the sandboxing process, and the fmserver account used during server side OS calls would not be able to attack the rest of the OS in such a direct way, while still being able to access networked drives. It would still be able though to read and even write every file in the FileMaker Server folder. We recently had a 45 minute "hacking" session during .fmp in Berlin, where we quickly found out which file to modify in order to get full admin console access. This is very ugly. IT could restrict access to some files to read-only, though, but that would require a lot of knowledge about the inner workings of FileMaker Server, and I do not think they would be able to plug every security hole. Yes. But that is also the purpose of sandboxing. But not always. And I think virtualising does not add any benefit, except for what e.g. ESX offers to isolate the VM into a DMZ, and have snapshots in case things go south. It's also a matter of responsabilities. I do not want to have full access to a FileMaker Server, even when the IT people who are managing that server are ... my collegues. They do not have the full access password to the development, and I do not have full access to the FileMaker Server. And this is the way it should be. It would be a great setup for a (limited access) development server, but not for a production one. But then again, you can run a VM dev server on your own machine as well. I think it also depends on who your customer, and what the entire setup is. As I mentioned before, it should be an option, and whoever is responsible should be able to choose to do things the hard - and secure way, or not. If you are the big boss over everything, including development and IT, that is a big difference with a corporate setup. Coming back to my original question: I would really like to monitor those extra logs. Indeed, the only way to do so, is to make use of the unsecure setup FileMaker Server has to today, and use a server side plug-in to manipulate those logs so I can start monitoring them. I presume FileMaker is well aware of these issues, so I think it's not worth it to invest time into some monitoring tool, that would probably cease to work when they close things up. I hope that log monitoring makes it way back again into the admin console.
  12. True, there would be a whole bunch of nice things you cannot do anymore (the way you do them). But there would also a number of very awful things an attacker wouldn't be able to do either. You could do what you mention in another way. I is possible to share the Documents folder, even over a firewall. You can also install other software on the server that synchronises files to the sandboxed folder. If you have full access to the FileMaker Server machine, there are other ways to do things. Maybe not always, but it might surprise you how many things can be done. On the other hand, consider this situation: A developer is working on a solution, which is hosted on a FileMaker Server. This is a contractor, and is not supposed to have access to the operating system in any way, this should only be possible by the IT people of the company. The current situation allows the developer to use the server side plug-ins ( that he requires for the development ) to gain access to parts of the OS that should be restricted to him. This is no imaginary situation. I have multiple setups like that - and I am the contractor...:-) At least, lowering security to allow for the current situation should be an option, off by default. If you really know what the consequences are, it is then your call of judgement to allow that.
  13. Thanks for the reply Honza. Pity you are not really offering a tested solution, but you did manage to squeeze in two links to your site. So this at least this works for you 😊 that makes one of us. It is kinda creepy to hear that the only way this is going to work, is not supposed to work. Server side scripts should be sandboxed and they clearly are not.
  14. Because I write a lot of server side scripts and often using custom WPE urls, one of the most annoying things in FileMaker Server 17 is that it is now impossible to monitor the logs from the admin console. I always have to download them. I found an alternative way to monitor them, by using FTP. With some nifty perl scripts, I can now even tail the Event.log and Access.log. It's a whole other story for the other logs, like the wpe.log, the Stats.log... It is just impossible to download those over FTP. Earlier I already noticed they don't play nice with FSEvents on the Mac either. Has anyone here created a good solution to monitor those files, given that: I have only access to the FileMaker Server using FTP (Implicit SSL) and the admin console, no SSH, RDP or other management tools. I do have the possibility to install plug-ins on the server. Maybe some of you created some server side script that is able to monitor those files. Or you have some other solution.
  15. I am really getting fed up with the SSL connection. Xojo’s MySQL community plug-in is not supporting it very well, and is not maintained as I would like. Itis also inconstent in it’s behaviour in cross platform development. I would like to leave it as it is now, and hope that Xojo will support it better in future release of their IDE. For now I will put a comment on tab that things are “experimental”. Encrypting the data ourselves seems to be a good idea instead. The interface to configure that woul be simple: provide a password to encrypt, and one to decrypt. Switch these on the FileMaker side. Maybe some options to encrypt only fmsadmin traffic, and not the logs, so less critical things can remain readable.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.