Jump to content
Sign in to follow this  
wedgeman

Applescript with encryption via terminal

Recommended Posts

We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method.

For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport.

Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows :

 

Quote

"property targetCell: \"table::field1\" ¶
do shell script \"echo " & field1 & field2 & field3 &" encryptionsaltbit | openssl aes-256-cbc -k thisismypassword -base64\" ¶
copy result to cell targetCell of current record"

 

The problems which concern me here:

1. The password is "traveling" into Terminal in plaintext.   Is there a way this can be viewed during the process (a 'ps' or some other method)??

2. Is there a better method to accomplish this without running as an echo?

 

I've tried various flavors of this process (successful encryption & transport, etc), but am most concerned about the potential vulnerability from within OSX.. I've run various flavors, then attempted to grep for any of the password strings in log files and Library/Application Support/ folders, but haven't found anything...

Is this an unfounded issue, or should I be going a different direction?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Similar Content

    • By Asu
      Hello, the following is the essence of a problem I need to resolve. The code is AppleScript 
      display dialog "Hello \"world\" "  This code needs to run in FMP18 as a calculated applescript.

      I tried:
      Perform AppleScript [display dialog \"Hello "world" \"] 
      Perform AppleScript [display dialog \"Hello \""world"\" \"]
      Perform AppleScript [display dialog \"Hello "\"world"\" \"]
      Perform AppleScript [display dialog \"Hello \""world\"" \"]
      and other permutations of 1 backslash and 2 quotation marks cause the calculation to be unsavable b/o error.
      Perform AppleScript [display dialog \"Hello \"world\" \"] results in "A identifier can’t go after this “"”." -- after the calculation is saved. (Yes, "A identifier")
      Perform AppleScript [display dialog \"Hello \"\"world\"\" \"] results in A “"” can’t go after this “"”. -- after the calculation is saved
      and an error message of -2740.
      Can anyone help me please?
       

    • By ericire
      Hi
      An example of bcrypt password hash with scriptmaster
      bcrypt.fmp12
    • By Joost Miltenburg
      Hi All,
      I added security to limit the DataAPI user from accessing certain records, with the limited option. I tested this while running these files on my HD no server. Worked like a charm. After moving the files to FMServer the DataAPI account can access all record in the table all of a sudden.
      Any thoughts as to why this is happening?
      Kind regards,
      Joost
    • By Nico Kobes
      When I take a backup file from the server where all the databases are encrypted (EAR) the encryption password does not work. The password is the right one because it opens the server databases.
      I copied the file to my own computer and try to open it with filemaker 17 and the password doen not work. Also tried to open the file on our test filemaker server 17 and also the password does not work.
      Can anyone explain why this does not work?
    • By MSPJ
      Hi - I'm developing a business solution to be hosted on FM Server.  It will be hosted on Soliant Cloud.  This is my first time developing for Server.  I read Steven and Wim's whitepaper on FM 16 security, which was very helpful.
      In the past, when I've created upgrades to my solution, I've imported data from the previous version into the new one. Each update is a modified version of the previous file. 
      I read about the benefits of using File Access Protection. My solution is a single file solution so I can basically exclude any other file having access - except I'm not sure what impact that will have on import from previous versions.  I assume both files will have the same ID - but not sure if that means that FM will see the older version as trusted or not. 
      Thanks!
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.