<sigh> Changing passwords on multiple files

[HazMatt]

FileMaker's shortsightedness makes me mad sometimes.

I've got 30 relational databases. All use FileMaker's built-in password support. Changing passwords is a very inconvenient process for solutions with more than one database. The problem compounds when each user is given a unique password.

I know there is at least one 3rd party plug-in solution that is supposed to handle this well, but I'm (or my company is) cheap. Plus I want to hold FileMaker accountable for this, as a large amount of FileMaker solutions are multi-database.

So

[SteveB]

FMI doesn't really care about fixing existing problems...witness the crap they've released in the last 2 years.

I don't have your problem, but have you considered using Allow User Abort(Off)?

[Anatoli]

I give up. I've reported many bugs and shortcomings to FMI and none was fixed. FMI even doesn

[HazMatt]

Well, I've submited my "Feature suggestion" via their website, like I'm sure many others have done. ::grumble grumble::

Anyway, I actually tried sticking the Allow User Abort(Off) right before the Change Password step, and all it does is suppress the "Change Password has been cancelled. Do you wish to continue with this script?" I also tried an If Status(CurrentMessageChoice) = 2 statement like I have before, but hitting Cancel on the Change Password box is ignored.

I'm not seeing any reliable built-in method of password management.

[SteveB]

You also need Set Error Capture(On), as this will intercept and stop any FM generated messages. I ususally put this and Allow User Abort at the top of most scripts.

[Anatoli]

Go for the New Millennium Dialog Magic. It will help you to manage passwords.

We are using that plugin with another great one -- Simple Dialog from www.24u.cz.

We build security system, where FM built in security is used for Group security and not for user.

Users are login into user database and then NM DM is opening all FM files with group password, which is non-visible for users.

Users can change their password and administrators can allocate user to any group.

[kennedy]

You can see the solution I chose in my Starter Template in the Sample Files forum... I built my own user/password system such that it is a proper *single* database and such that I can get reliable user names when recording audit trails. It was largely adopted from a textbook solution... so you can even get the accompanying textbook-quality explanation of the system.

[Anatoli]

Is it protected by FileMaker Security as well?

[kennedy]

Is my solution protected by FileMaker Security as well? Yes... though the normal user won't see it.

Basically you default through FileMaker Security to the normal user password that has most everything turned off... and then I explicitly provide everything I want you to have, gated by my security system. By holding option as you open the DB, you can put in the only other FileMaker password... the master password, to enable all the built in menus and such.

[Anatoli]

So you have something like "try default password" and only 2 groups.

We consider that as security risk and we are not using "try default password", only in first, login file which will invoke the authorization. So even if users can get hold of data files, they will not open at all.

Furthermore we can have 4-10 different groups of users. But that is possible only with New Millennium Dialog Magic.

[kennedy]

Yes, 2 groups and it trys the default. And yes, you're right, it should only try the default on the Begin file. However, I think the posted database actually tries it on them all... though they all just close themselves unless they are being opened by the Begin file.

Security-wise, if users get hold of the data files, the data is there's for the taking... period... default password or not.

As for the database logic/design, that would be protected either way... yes, any user can "open" my relational DB, but they will only get to the login layout at which they can do nothing but try to login... the other files (the ones with content) won't open until a proper user name and password has been entered.

My user system does not implement groups, per se; rather it implements individual Privileges. But you can think of Privileges as groups, where users can be in as many different groups as you want... where each group is independent of the other groups. But if you just want groups, you can implement them using Privileges.

[HazMatt]

Sorry I haven't been in