Jump to content

Secure LOGON template


Singlequanta
 Share

This topic is 6482 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Heres a cut down version of our secure logon system. I've modified one of Filemaker 5.x's generic templates to work with the solution. This is a rudamentary implementation but gives you an idea of how it works.

Username: steve

Password: secret

or

Username: guest

Password: guest

Oh... you will need Troi's Dialog Plugin http://www.troi.com for the solution to work. The use of this plugin can be removed but I was too lazy to do it for this demonstration.

Cheers!

Version: v7.x

Platform: Windows XP

signon.zip

Link to comment
Share on other sites

Unfortunately it's not very secure. I have uploaded a copy of the files that includes another file "ShowAccounts.fp5" which includes a portal to your SignOn.fp5 file and displays a list of all usernames and their passwords. Once someone has a list of usernames and passwords, it's pretty easy to log in.

HackedVersion.zip

Link to comment
Share on other sites

No. There should be a file called ShowAccounts.fp5 in my attachment (check the attachment to my message, not yours).

Vaughan is right. There's not much point developing your own custom login any more. FM7 handles it all.

If you still need to distribute FM5 and FM6 solutions and you want a custom login system, then you really should get the Moyer and Bowers book. It discusses the various pitfalls.

Link to comment
Share on other sites

Very confused now wink.gif

Bob thats great and certainly raises an eyebrow! I guess I'm puzzled because the signon file I included was supposed to be "permanently locked" to prevent anyone from either accessing it or creating new relationships to it.

How did ya do it? And do you think that encryptinng the password would be any use? Thanks greatly for your feedback.

Link to comment
Share on other sites

I just posted a security demo file i the FileMaker Pro Samples forum, and I've removed the attachment from this post. That keeps things a bit neater.

Link to comment
Share on other sites

Thanks Bob;

Have you had much opportunity to work the FM7 and it's user accounts? How do you rate it? I'd appreciate a brief thumbs-up/thumbs-down from you.

I'll go research that book and grab a copy. Like yourself we too will still have to live with FM6 for a while. I am still not shocked when I come across FM3 solutions that have been in place for eons.

Thanks again for your input.

Link to comment
Share on other sites

Hi singlequanta,

My only exposure to FM7 is what I've read so far. I'm still running on Mac OS9. I have an antique installation of OSX 10.0.1, or something like that. I have to go pick up a copy of Panther, I guess, and start playing. So, I'll defer to Vaughan and OAM for the FM7 accounts and privileges expertise. the point is that FM7 now handles all this directly, so it should be fundamentally more secure than an old style custom login system.

I'll send you an email describing the method I used to hack into your login system. Although it's not really secret knowledge, there's no point in making the method any more public than necessary.

Link to comment
Share on other sites

  • 2 weeks later...

"If you still need to distribute FM5 and FM6 solutions and you want a custom login system, then you really should get the Moyer and Bowers book. It discusses the various pitfalls. "

With much respect to Chris and Bob, it doesn't begin to cover the issues or the insecurities or how to fix them. Maybe take a look at:

www.FMP-Power.com/MW_2004_FileMaker Security.pdf

Any system relying on "looping pauses", layouts used as "dialogs", data entered into log-on files, "library keys", relationbships to validate authentication, etc. arefuindamentally conceptually flawed and usually crack open in something less than 60 seconds.

Use FileMaker Pro 7 security; it was designed to deal with these issues.

Steven

Steven

Link to comment
Share on other sites

  • 3 weeks later...

just a lille not on FM7, I have it now on all my systems and I really like the user accounts setup and funtions. You can really customize it and if you have multiple files but set the same user name and password, it will auto-logon to those files too. I don't know if FM6 did that, but it sure does it in 7! Just my 2.6 Yen!

Link to comment
Share on other sites

This topic is 6482 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.