Jump to content


  • Posts

  • Joined

  • Last visited

Profile Information

  • Slogan
    10+yrs user
  • Title
  • Industry
  • Gender
  • Location
    SE USA
  • Interests
    FMPA 9 - 16
    FMGO 14-16
    FMS 9 - 16

    Linux, Windows, Mac integrations.

FileMaker Experience

  • Skill Level
  • FM Application
    16 Advanced

Platform Environment

  • OS Platform
  • OS Version

FileMaker Partner

  • Certification
    Not Certified

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

wedgeman's Achievements


Enthusiast (6/14)

  • First Post
  • Collaborator
  • Conversation Starter
  • Week One Done
  • One Month Later

Recent Badges



  1. We've actually purchased dozens previously. Items shipped in retail package fall under the First Use laws, and as such are able to be resold legally. Filemaker has provided us guidelines on second-hand purchase of such packages, which we follow. The situation for us is that most of the non-profits can't afford new systems, and are running very old hardware (circa 2006-2008), so they're running OSX 10.6-10.8, which puts us in needing FMP12-14....
  2. We are working with a medical non-profit working in Latin America, running on much older hardware. Seeking older individual or group/site license seats of FMP & FMS 13, 14, or 15. We need a bunch. We could buy site license seats, or simple 1-off licenses.
  3. Perfect.. Is there a mechanism whereby people (hackers) would be able to arbitrarily read scripts being implemented, and bypass them during the process, thereby circumventing particular auto-loading scripts? If so, how are you able to prevent this or mitigate it? In my particular situation, the need is to make sure that a series of scripts are performed to ensure the licensing model completes. Based on your recommendation, the file is set to open to a particular layout which has no data, no buttons, scripts, or portals (ie., a dead/static page). THAT page has an OnLoad trigger which in turn handles licensing, serial checks, etc (everything the script was doing on the OnFirstWindowOpen), but if the script is bypassed, it now goes to the blank/dead page with no opportunities to go anywhere.
  4. This brings up an interesting dilemma.. This particular solution has a licensing model which runs on a script (check certain things, if/then, etc).. it functions based upon privilege set (ie., if Get(privilegesetname>xyz) go layout XYZ, else go to Layout FGH).. Additionally (and more importantly), there is a non layout-accessible table which covers licensing, applies certificates, etc - which determines whether or not this particular serial# is validated for an active license. Lower level users aren't allowed to see those particular layouts (restricted by privilegeset name), but the greater question in my mind is HOW to implement this licensing structure? If OnFirstWindowOpen can be bypassed or circumvented, how does the collective typically handle such things? We have to manage licensing somehow, and had assumed that a script in the openning process would suffice for this. Is there another point in time where a forced script would be less vulnerable?
  5. @Steven H. Blackwell many thanks for the thoughts. However, this leaves me questioning the validity of using OnOpenTrigger scripts at all. Are you saying that OnOpenTriggers can be bypassed by someone whose privilege set is authorized to only execute scripts, who has no authorization to edit layouts, edit value lists, or edit (or view) scripts? I know there are a million caveats, numerous weak points, and a thousand ways a db can be left vulnerable.. IF properly implemented, can a db be set up such that OnOpenTrigger script is not vulnerable to being bypassed/hacked? If so, how? Obviously this is an open-ended question, but assuring security is always open-ended, it seems..
  6. Many thanks. just wanted to make sure there's not a loophole in there to be used. I can't understand why people would NOT use the built-in accounts/privilege sets, etc. I wouldn't conceive of developing a database without them...
  7. We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method. For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport. Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows : The problems which concern me here: 1. The password is "traveling" into Terminal in plaintext. Is there a way this can be viewed during the process (a 'ps' or some other method)?? 2. Is there a better method to accomplish this without running as an echo? I've tried various flavors of this process (successful encryption & transport, etc), but am most concerned about the potential vulnerability from within OSX.. I've run various flavors, then attempted to grep for any of the password strings in log files and Library/Application Support/ folders, but haven't found anything... Is this an unfounded issue, or should I be going a different direction?
  8. I've been searching for some clear answers on db vulnerability, specifically related to scripting. We have a particular solution running in FMP13, with EAR. This is a peer-shared file design, which has hundreds of installations in peer-shared environments. User access accounts have been severely limited in released versions (no admin, no [full access]), limited menus, etc.. Users are heavily striated by account privilege set. I've read bits here & there mentioning that initial opening scripts (onwindowopen, etc) at startup are particularly vulnerable, but haven't found anything definitive. 1. is an opening script trigger a legitimate security flaw?? We use it to determine layout paths, check/confirm licensing, etc, so if it is 'hackable', what alternate option is there? 2. I noticed that even attempting to bypass script triggers, the system requires a full access name/password.. BUT it also displays the name of the particular script (seems like a point of weakness to me)... Is there a way to prevent this?
  9. thanks! that helped. Actually, i found out that "commit record" is triggering it for whatever reason. Don't know why.. if I "commit" it won't allow me to then 'go to object xx".... go figure... but it works now... thanks!
  10. I know in Server (server admin app) there was an easy way to look at users by types (I am currently only running FMPS's in versions 9~12, and 14, so am a bit ignorant of options on newer servers). Is there any function set to replicate this for users on a peer network? We have a licensed product, and need to restrict access by user count (ie., no more than 1 count of shared FMP app, or 1 share and 1 FM Go app, etc), based on license level, etc. Currently, we use Get ( MultiUserState ) to determine whether it's being peer-shared or on host system, and we use forked script paths to deal with devices based on that. but it doesn't fix the issue. UserCount is nice, but gives only a total number of users, not any level of division by user type. I'd really like to get a set of results such as: Total users : 11 FM Go users: 2 FMP users: 9 I didn't see any additional method for acquiring a total number of connections divided by type... I suppose a script could be managed whereby every device connected added its own 'id' by Get( Device) integer into a couple of fields, and then a calculation could be tallied from those various fields. Is there any better/more clean method for accomplishing that? I didn't want to go that route, as random disconnects (or network issues) could well result in count errors. A "Get(UserDetails)" function would be kinda handy, to push back a total summary of current users delimited by types..
  11. Not sure if this is the best neighborhood for the question, but it is tied to network/db security. What method is used to best determine how a user is logged in? Is Get(MultiUserState) the best method for determination of who/how someone is accessing a locally shared (peer-shared) database? For licensing purposes, we run several authorization scripts during login, and it is helpful to know how the access is working.
  12. Am a bit lost on what (I think) should be a quite simple script: Field 1 has a value list on layout. Field 2 is a general text field for typed data entry.. My goal is to use Field 1 to trigger/manage a script which does severla things, but then leaves the mouse/selector inserted into Field 2, for ease of use... So... When I select an item in that value list, an OnObjectExit triggered script: sets a variable from that, then clears that field inserts a calculated value (based on the variable created) in another field. Then it SHOULD "go to Field 2"... as in, after the script is done, the cursor should be inserted into Field 2 with a blinking cursor... My problem is, this isn't working. the first two parts are working flawlessly - it creates and acts on variables, as it should.. But it refuses to 'go to field' (or "go to object", if i try it that way).. What's happening instead is this: the script runs, but the selector/mouse jumps on forward to the next object (if that object is in a tab order), or (if NOT in a tab order), it goes nowhere (it operates the script, but dies before setting mouse to the field or object)..... I also tried OnObjectModify and OnObjectSave.... No dice on either.....The mouse simply refuses to "go to field".... additionally, i tried triggering ANOTHER script (which works on its own) - - simply "go to field 2".. but even that doesn't work.. thoughts? My guess is that the script (as an OnObjectExit trigger) runs, then FMP assumes that after the script ends, the next object should be selected (rather than ending wherever I told it to end)... anybody?
  13. well apparently everybody went easy! am curious as to what you found.. i've got a project which is going to require something of this nature...
  14. I've got 2 tables in an invoicing scheme: a primary table1, and table 2. Table 1 (invoice) shows a portal into which (Table 2) Invoice Item records are created, and which show in a portal field in the current layout (Table1).. On the layout (Table1), i'm showing a summary field (which totals all invoice items in Table2). IT maintains the correct amounts and updates, but does not automatically update every time a change is made in Table 2. Say for example if i change qty or change amount in one of the items in the portal, the summary field doesn't automaticallyupdate in my current layout. in order to force an update, I have to force the window to refresh. is there a way around this, so that windows refresh automatically when the remote table is touched? I've tried an "update" button, (tied to "refresh window"), but that doesn't seem to do it... the only thing that seems to work is clicking around on the page (forcing an eventual commit). .... I'm lost. is there a way to force a timed update?
  15. ok... seems to me that if some calculations work perfectly in one view but a almost identical calculation does NOT work in that view, that's a bug. I'd be hard pressed to term it a 'feature', especially if it was fixed in a later version.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.