So, what's wrong with this system...

[kennedy]

Don Wieland kindly gives out a user password system at:

http://www.dwdataconcepts.com/dwdctips.htm

Looks pretty good so far. So what are the weaknesses of this system?

What are its vulnerabilities? Why should I NOT use it?

Do others use similar approaches?

Thanks!

[Kurt Knippel]

In thier new book, Chris Moyer and Bob Bowers cover the basics of building a user login system complete with privledge assignment and checking.

Definately worth a look.

[Kurt Knippel]

Don's systems seems OK, although quite simple.

I used concepts from Chris and Bob system, as well as my own knowledge and created a system which uses quite a few files, but is pretty secure and could be implemented on an enterprise-wide basis with quite a bit of variation of security.

Basically there are 3 core files: LogIn, _UserPriv, and _LauncherPriv. The LogIn file is what the user interracts with and enteres thier username and password. _UserPriv validates the users and returns thier access level. _LauncherPriv validates the access level and runs another launcher with the specific Filemaker Security level built into it.

You then need another launcher file for each Filemaker Password/Security Level.

A further Privledges file would specify specific functionality privledges for each user.

It was a little complicated to setup, but very powerful and pretty easy to manage.

[The Bridge]

I think Don's system needs work. I gained full access to the Users file with a one-step script in another file.

I imagine that this limitation could be overcome by some sort of security check within each of the Users file's scripts, i.e. prevent them from being run if called from a file that is not Menu.

[Kesh]

Which book would this be?

[kennedy]

Which book would this be?

Advanced FileMaker Pro 5.5, Chris Moyer and Bob Bowers, ISBN 1-55622-859-7

[Kesh]

Thanks! Now I wonder how long it'll be before Advanced Filemaker 6 books come out.

[kennedy]

Okay, so you smart guys broke into Don's system easily. And thus, I took the advice and got the Moyer/Bowers book, learned their system (and why Don's failed), and basically incorporated it, with some small adaptations and fixes, into my relational template. Wanted to point to that from this thread, for those that find this thread looking for a security solution.

So, now I ask the same question, but for a different system...

What's wrong with the security system in the relational template that I just posted to the Sample Files forum?? Can you smart guys crack it (without having access to the physical files)??

Thanks!