murray Posted December 17, 2003 Posted December 17, 2003 Is there a way to secure scripts from being imported or run from an external file? I have a script that resets a counter that will limit the number of times a demo file can be used. I think I'm going to have to beef up the general security according to other posts I've read but I must say I was surprised to find I could import and/or run a script which I thought was inaccessible when using my file, simply by creating a new blank file, creating a script to run an external script and bingo! - it reset. I have tried to get around it by having a Status(CurrentGroups) identifier in the script to match the access level of the admin user which has helped from the point of view that the external file can't run it without the right password, but I'm still wondering if there is a way to stop external scripts from being run this way - does anyone have any good ideas? BTW, my file has a "no password" option as a default to allow basic functions and I'd like to keep it like this, rather than force a password to be entered. Cheers, Murray.
BobWeaver Posted December 17, 2003 Posted December 17, 2003 Your script can check for the users group access by using the Status(CurrentGroups) function. To do this you will have to assign one or more groups to the different passwords. Then you can set up your script in this fashion: If [PatternCount(Status(CurrentGroups),"GrandPoohbah")]
murray Posted December 18, 2003 Author Posted December 18, 2003 Thanks Bob, That is exactly what I ended up doing but it did scare me a little to realise how easy it was to access the script - it would be a big job to secure every script in a solution that way. I hoped that there would be a more universal protection mechanism to apply. I have been reading your input into some of the other security threads and the whole issue of security in Filemaker makes a newbie like me wonder how far it is worth going. As was pointed out, the effort that an unskilled hacker would have to go to to break in might deter them and it will always be difficult to stop the determined ones anyway. I'm judging my captive audience and thinking that they have better things to worry about than getting my little solution for nothing, and their bosses hopefully will feel the same in a "million dollar a day" turnover industry. Thanks again. Oh, by the way, are you aware of any simple (read "very simple") examples of password encryption explained in words of one syllable or less? I have downloaded but not yet looked at your one-way hash files but will do so over the next few days. Cheers, Murray
Steven H. Blackwell Posted December 21, 2003 Posted December 21, 2003 There are many ways to cause a script in any open file to run outside the parameters of that file. You have discovered just one. You can create a challenge script that has the conditions you want to have met. Then you can call that script as a subscript from any other one you choose when you want the challenge invoked. I need also to tell you that the "counter" likely can be reset by means other than the script as well. Finally, unless you are curious about the concept generally, don't spend time working through whatever hashing example you've downloaded. FileMaker Pro 6 does not use one way hashes. Finally take a look at the security page on my web site for some links to some useful FMI materials. http://www.FMP-Power.com
BobWeaver Posted January 1, 2004 Posted January 1, 2004 I think the one way hash example Murray referred to is the example I posted in the samples forum. It's a custom login example using one-way hash rather than stored passwords. It avoids the weakness of hackers examining the file to find stored passwords, but there remain some of the other problems that are typical of custom login systems.
Recommended Posts
This topic is 7631 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now