By Jim Gill
I have a very old script (fmp 10?) that creates User Accounts and assigns Privilege Sets. The users are then able to Login via WebDirect (primarily). The Add Account function is used with the following parameters:
Add Account [ Account Name: _Parent Data::Parent1_Email_TrimAndRemoveReturns; Password: _Parent Data::
Parent1_WebPassword; Privilege Set: Web_User ]
[ Expire password ]
The Password is temporary (for first login only) that is randomly generated via Custom Function. Users are required to change their password on first login.
The account is created but for some reason the user cannot Login via Webdirect or Client (Invalid Account/Password). I checked the privilege sets and they all check out. I can manually change the password form the Security Console and require a new password - and everything works as expected. Again this script worked for years - we typically only create accounts in the fall - so if there has been a major security update or some other new requirement that would throw a wrench in the works - well, hoping you all can help me out.
Thank you in advance!
By Joost Miltenburg
I added security to limit the DataAPI user from accessing certain records, with the limited option. I tested this while running these files on my HD no server. Worked like a charm. After moving the files to FMServer the DataAPI account can access all record in the table all of a sudden.
Any thoughts as to why this is happening?
Hi - I'm developing a business solution to be hosted on FM Server. It will be hosted on Soliant Cloud. This is my first time developing for Server. I read Steven and Wim's whitepaper on FM 16 security, which was very helpful.
In the past, when I've created upgrades to my solution, I've imported data from the previous version into the new one. Each update is a modified version of the previous file.
I read about the benefits of using File Access Protection. My solution is a single file solution so I can basically exclude any other file having access - except I'm not sure what impact that will have on import from previous versions. I assume both files will have the same ID - but not sure if that means that FM will see the older version as trusted or not.
Our institution is now requiring PHI-containing databases to log not just modifications to records, but to log every access/viewing of any record. They want to be able to respond to the question "Who has looked at my medical record, even with no change to the record?".
I am not aware how to achieve this with FM, do any of the add-on programs have such features?
I am facing the forced elimination of a critical database, built over 15 yrs, if this cannot be achieved.
Thanks for any suggestions.
We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method.
For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport.
Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows :
The problems which concern me here:
1. The password is "traveling" into Terminal in plaintext. Is there a way this can be viewed during the process (a 'ps' or some other method)??
2. Is there a better method to accomplish this without running as an echo?
I've tried various flavors of this process (successful encryption & transport, etc), but am most concerned about the potential vulnerability from within OSX.. I've run various flavors, then attempted to grep for any of the password strings in log files and Library/Application Support/ folders, but haven't found anything...
Is this an unfounded issue, or should I be going a different direction?