Visible passwords HELP!!

[Dan-A]

Hi,

What can I do to stop this....

I purchase a secureFM plug-in; use it in my open script to lock/remove

all menus....ALL is good so far.

I opened (by mistake) an FM file with a word processor and what do i see!!!

I can read my entire SecureFM registration code & password!!!

Anybody with Wordpad can see it and use it in their

solution or to unlock mine, easy way to get free secureFM plug-in.

Thanks for any advice you can give.

(i am using FM Pro 5.5v2)

--Dan

[Lee Smith]

So why aren't you complaining to SecureFM "New Millenium" about this?

[CobaltSky]

Hi dan,

A solution:

1. Create a global text field called gCodeLock.

2. Create several calculation fields with formulae along the lines of:

Case(gCodeLock = "%DR@L#330NCP_#", "fragment of your plug-in activation code here")

3. Set up your activation script to place the string %DR@L#330NCP_# into gCodeLock, then retrieve the halves (or quarters or whatever you choose) of the activation code from the calc fields, assemble them in the correct order and pass them to the plug-in.

4. Have your script then immediately delete the contents of gCodeLock.

Folk with text editors will then have a *much* harder time tracking down your codes.

[Dan-A]

Thanks Ray,

I will break it up into pieces.

I thought i had messed-up/forgotten a vital piece somewhere!!

Lee, I did e-mail SecureFM, if you want i will post the reply

(when i get one) on this thread.

They will probably say it's an FM issue.

That's what they said when i told them the plug-in did not work with

french configurations --> you have to go into the "string builder" and

modify the resulting string to match the list separator of

the system you are on.

(only for the plug-in, the rest of FM seems to deal with semi-colon or comma quite well)

Thanks again

--Dan

[Lee Smith]

Hi Ray,

Nice tip, makes me wonder why:

1) Something called SecureFM really isn't (out of the box)

2) Why this tip isn't included with the product in the first place.

Hi Dan,

Glad you did think of NMCI first. You would be surprised of how many do think to write the develop first.

Yes, please do post any response by NMCI, as it might be useful to other users of their product.

Lee

[Dan-A]

Lee,

to add to your last post....

Out of the box SecureFM suggest NOT to put registration

codes & passwords in any type of field, they say it should be hard coded

into the solution scripts.

I will post the tech support reply on this forum.

--Dan

[Dan-A]

Here it is the reply from tech support...

Hi Dan,

You understand the basic issues. There are different levels of security you can work with.

As you probably know, FileMaker Pro is a very open environment, making it a wonderful environment to develop and modify files, but making tight security difficult to achieve.

You can easily create basic security by not storing registration data in fields that appear in a user-accessible layout. For many solutions, putting the registration data in a script step is sufficient.

It is true, though, that a knowledgeable user can open FileMaker files in a text editor to reveal script step contents and, thus, the registration data. This is only a problem, however, if users have direct access to the files. So long as the files are stored on a secure server -- as is recommended for any software that requires strict security -- they are safe from snooping with a text editor.

If, however, your files will not be stored on a secure server but you still want to protect your registration data, then the next best option is to use an encryption plug-in with your files, as well. The Troi Coding plug-in (available at http://www.troi.com) or Crypto Toolbox (sorry, I don't have the URL right at hand) both allow you to encrypt your file data, including registration data, making it meaningless to anyone attempting to view the files in a text editor.

So bottom line for me, thank you Ray for your tip.

I don't plan on purchasing another plug-in just yet!!