I'd like to see Status(CurrentPassword)

[HazMatt]

Hey all,

I'm working with a multi-user database and use individual passwords for each person. This not only allows micro-management of user access to certain fields and whatnot, it also allows me to customize the user experience, such as auto-entering their personal user initials, phone extensions, email addresses, etc.

I very much like this user customizable system, but I have to rely on the Status(CurrentGroups) function for my relationship to my Users.fp5 database. Because I don't have "groups" in the traditional sense of the word (each "group" is really a user name), it would make a lot more sense to me if I could simply find out the password that the person typed in, like Status(CurrentPassword).

Is there another way of determining this, or is this function slated for a future version of FileMaker? (We're running version 5.0)

[keshalyi]

Well... that's an interesting question. Really, there isn't. But, to be honest, using the built in filemaker loogin system to give users their individual identities is not, in my estimation, your most efficient solution. If you want to be able to manipulate your users names, passwords, etc, I would build your own login and authentication system. This, I'm sure has been covered by much smarter people than me, but to make a long story short, you just make a table of usernames, passwords, and permissions. There is a good treatment of this in 'Advanced Filemaker Pro 5.5" by Chriis Moyers and Bob Bowers, and besides that, I'm sure there are example files out there you could nose around.

[Tom England]

Does anyone have an example file that they could post for my perusal??

[LiveOak]

You might want to search for one of Steven Blackwell's posts on security. He posts as "Old Advance Man". He has strong opinions about using password systems outside of the one built into FM. These systems seriously compromise security by providing many more opportunities for a file to be hacked.

-bd

[ssfire]

Here

[Anatoli]

This has the disadvantage that users are trying sometimes hide their true identity and changing that User Name.

We are currently implementing foolproof system with combination of both -- FM internal security and login database.

For that we need plugin Dialog Magic. The license is cheap for larger company; I think $7 per user in quantity 100 users.

We will have login database with user login, password and user name and expiration date.

With Dialog Magic we will log user to FM databases, set his/hers identity in User Name and write that to global field. User will never know the FM password or group.

If user will try to disable the plugin, or change User Name it will be discovered in next script operation and FM will quit.

All important fields will be with autotracking, keeping previous changes in log field.

I cannot think of any other way to design more secure system.

[kennedy]

I'd like to be able to turn off the ability to set a custom user name. Alternatively, Status(CurrentSystemUserName) would work. Without that, it seems the best option is indeed to use Groups as the original note suggested. Its fairly easy and secure... though having to repeat the same groups/passwords in every file of a multi-file database is rather unpleasant. Other than that, are there any deficiencies with this approach?

I haven't found the posts mentioned that explain the security holes of setting up your own password system. If someone can point to a thread, that would be great.

Also, I'll renew the request for a pointer to a good example file of a home-grown password file. I'd love to take a look and understand the deficiencies so that I can more easily evaluate which mechanism would work better for me.

I am struggling with this very issue right now... I have this great Audit Trail mechanism (thanks to another thread), but it is next to useless since anybody can claim to be anyone else.

Thanks.

[Anatoli]

RE: I have this great Audit Trail mechanism (thanks to another thread), but it is next to useless since anybody can claim to be anyone else.

Not in system I just described above...

[kennedy]

After searching into the wee hours of the morning, I finally found an example system:

http://www.dwdataconcepts.com/dwdctips.htm