
hide password


This topic is 8246 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Each one of my registered users can chose a username and password themselves. They are two normal fields in FMP and the whole security works fine. However, the way it is set up at the moment, I can simply open the database and see all their passwords. I don't really feel good about that, seeing that a lot of people use the same password for all their accounts and emails, etc. Also, I am afraid that somebody else might have a look at the database (the server is standing in a room that is sort of accessible to a few people).

Is there a way to replace the password-characters in FMP with the famous asterisks? So that nobody can see them, even with full access-rights to the database?


Hi,

I have a really dumb workaround for this:

The password field has to be on the layout that is accessed from the web, but it doesn't have to be visible in Filemaker. You can just make it very small type white-on-white or hide it behind a coloured box.

Only you would know it was there.

I guess there's no way to make a field completely unreadable, because it would show up as plain text anyway as soon as you exported the records.

regards, Jeff


I have a really neat solution for this. It involves running a script. That means it involves a workaround to the single-thread problem. Anyhow, the user registers their name and password once. Through a script the record which is created by the web is deleted - nothing left to see. In the process the client's personal information is removed to a remote db file. A unique id is established which is used for all further reference in another file which is web companion accessible.

When the client re-enters the site, they then go through a confirmation process (name and password) which is done through a script. Whoops, more workaround required. But the most sensitive information is never accessible through the web or the db files serving the web.


The problem with any symbol-based font is that although you cannot immediately tell that the password is "12345", it is pretty easy to figure out that it is that string of characters from the "!@#$%" symbols used.

Using a font that is only made up of a single symbol, such as the standard "*****", it is impossible to tell the difference between any characters.


If you want the ultimate security, you don't actually store the password at all. You create a one-way hash function and store the hash of the password. Then, when the user tries to log in, he enters his password into a global field. Filemaker calculates the hash value on the global field and compares it with the stored hash value. If they are the same, then log the user in. If not, then as Anne Robinson would say, "goodbye."

For anyone not familiar with one-way hash functions, they are functions which produce a seemingly random (but repeatable) number from some input (the password in this case). They are designed so that you cannot determine the original input from the output (hence the "one-way"). The hash function has to generate a large enough output (say 128 bits or 16 characters) that there is negligible chance of someone randomly entering a password that would produce a matching hash.

Anyone with full access to the files could change the user's password, but could not derive a user's existing password.

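The register-and-verify flow described in the post above, as an added example that is not from this thread or from FileMaker. It goes beyond the post in two ways a practitioner would want: each stored value gets its own random salt (so two users with the same password do not share a stored hash) and the hash is a deliberately slow derivation (PBKDF2-HMAC-SHA256) rather than a single fast hash; the record format, iteration count and function names are assumptions for this example.

```python
import os
import hashlib
import hmac
import base64

# Key-derivation parameters. These values are assumptions for this example;
# the post only asks for a one-way function with a large (128+ bit) output.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
HASH_BYTES = 32


def make_password_record(password: str) -> str:
    """Registration: derive a salted hash and return the string that goes
    into the password field in place of the password itself."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS, dklen=HASH_BYTES)
    # Store algorithm, cost and salt next to the hash so verification can
    # recompute it later, and so the cost can be raised for new records.
    return "pbkdf2-sha256${}${}${}".format(
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"))


def verify_password(record: str, candidate: str) -> bool:
    """Login: hash the password typed into the global field with the stored
    salt and compare it with the stored hash in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = record.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:
        return False  # malformed record: deny rather than guess
    if algo != "pbkdf2-sha256":
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 salt, iterations, dklen=len(expected))
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(actual, expected)
```

Someone with full access to the file sees only the record string, and, as the post says, can replace it but cannot recover the original password from it.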
