Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

All password can view by "Passware Kit"

Henry

By Henry
in Security Concepts

 Share

This topic is 7746 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Henry Community Regular

Henry

Posted
Posted

Hi there, i found a site "www.lostpassword.com" which contain a program that allow user to view the password of a file. The program can view the password of many type of system, like winzip, lotus123, filemaker, access,...

I have download the demo version of filemaker call "Filemaker Key". It really works and display out all the password insite a file. For example, a file "test.fp5" contain 5 password incluse a master password. With using the filemaker key, it can display out all the 5 password. It is a big security issue if a user use this program to check the master password and then use the master password to log into the system and do some changes or view the secret data.

So, how to solve this?

Regards,

Henry

CobaltSky Veteran

CobaltSky

Posted
Posted

Hello Henry,

Actually, the thread Lee has referred to was a discussion of the use of text editors to retrieve code from scripts and not deal directly with FileMaker's built in passwords and what to do about hacking tools such as FileMaker Key.

However there are a number of techniques that can be used to ensure that users (and/or hackers) can't retrieve the master password and use it in the ways you describe.

Formost among these techniques is the use of the Developer Tool which comes as a part of FMD - and which can be used to strip developer access from a file before it is distributed to users (so even if they get hold of the master password, it won't give them access to layouts or scripts etc)

Other solutions include password shielding and editing - such as can be achieved with tools like Password Administrator from New Millennium Communications.

And last but not least, it may be worth considering implementing a custom login system, so that even if users manage to retrieve the FM passwords using hacker tools, there is a further 'line of defence' to protect the solution data.

Henry Community Regular

Henry

Posted
  • Author
Posted

CobaltSky said:

Formost among these techniques is the use of the Developer Tool which comes as a part of FMD - and which can be used to strip developer access from a file before it is distributed to users (so even if they get hold of the master password, it won't give them access to layouts or scripts etc)

If using fmd tool, i know it is a way to prevent modification of database, but after that we also can't change the system if we need to upgrade.

CobaltSky said:

Other solutions include password shielding and editing - such as can be achieved with tools like Password Administrator from New Millennium Communications.

If that a plugin for filemaker? If i use this, is that can cover the problem and even the hacker also can't using another file to create a relationship to our own file.

CobaltSky said:

And last but not least, it may be worth considering implementing a custom login system, so that even if users manage to retrieve the FM passwords using hacker tools, there is a further 'line of defence' to protect the solution data.

I also have think about it, but i want to do a login system, i must think a solution to prevent the hacker use another file and create a relationship to our own file and also prevent they use the perform script[Exteer:abc.fp5] technique to run my script. it also can't let user change/add value list. Is that got any examply about this solution?

Regards

Henry

CobaltSky Veteran

CobaltSky

Posted
Posted

Henry said:If using fmd tool, i know it is a way to prevent modification of database, but after that we also can't change the system if we need to upgrade.

Hello Henry,

The solution is very simple. Keep a copy of your files prior to stripping developer access and use those copies to make changes.

Then strip developer access again from the revised versions (again keeping a copy) when you want to roll out an update.

Nothing will ever be perfect, but I think you will find that this goes a good way to addressing your concerns. wink.gif

Henry Community Regular

Henry

Posted
  • Author
Posted

Hi Ray, did you mean every time i want to update or make changes, then i must import all the old database into my latest version.If like this even the customer only want to adding another new field, then i need to transfer all the database into the latest version and install to their computer.

And is that possible have the risk of record missing during the process of importing data?

Regards,

Henry

CobaltSky Veteran

CobaltSky

Posted
Posted

Hi Henry,

If by 'all the old database' you mean the file in which the change has occurred, then yes, that is exactly what I meant.

First you make it sound onerous - and then you seem to be implying that it is risky. In my experience it is neither.

The whole import procedure can be scripted to occur automatically, usually in a mattter of minutes (less if the file is orf moderate size). And although I have done this literally many thousands of times, I have yet to 'lose' a record. If it is set up correctly, you won't either. wink.gif

This topic is 7746 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept